Apple has patched the ninth zero-day vulnerability used in attacks against iPhones this year with security patches issued on Monday.
Today, Apple issued an alert claiming it has received indications that the vulnerability “may have been actively exploited.”
The problem (CVE-2022-42827) is an out-of-bounds write, in which software writes data outside the boundaries of the current memory buffer. It was reported to Apple by an unknown researcher.
Writing past the end of a buffer produces undefined or unanticipated effects (also known as memory corruption): the extra data can corrupt the original data, crash the program, or even lead to code execution. Apple notes that attackers might have used this zero-day to gain kernel privileges and execute arbitrary code. All versions of the iPad Pro, the iPad Air, the iPad, and the iPad mini from the third to the fifth generations, as well as the iPhone 8 and later, are vulnerable.
Patch your iPhones and iPads
In iOS 16.1 and iPadOS 16, Apple fixed the zero-day bug by enhancing bounds checking.
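Apple has not published the affected code, so the following is an added illustration of the bug class and of what a bounds check looks like in general, not Apple's code. `struct slot`, `SLOT_SIZE` and the function names are hypothetical, and the input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SLOT_SIZE 64            /* constructed size for this example */

struct slot {
    uint8_t  data[SLOT_SIZE];
    uint32_t owner_id;          /* adjacent field an overflow would corrupt */
};

/* Unchecked: trusts caller-supplied offset and len. If offset + len
 * exceeds SLOT_SIZE, memcpy writes past data[] into owner_id and beyond. */
int slot_write_unchecked(struct slot *s, size_t offset,
                         const uint8_t *src, size_t len)
{
    memcpy(s->data + offset, src, len);
    return 0;
}

/* Checked: refuses any write that would leave data[]. The test is written
 * as "len > SLOT_SIZE - offset" because "offset + len > SLOT_SIZE" can
 * wrap around for very large values and pass by mistake. */
int slot_write_checked(struct slot *s, size_t offset,
                       const uint8_t *src, size_t len)
{
    if (s == NULL || src == NULL)
        return -1;
    if (offset > SLOT_SIZE || len > SLOT_SIZE - offset)
        return -1;
    memcpy(s->data + offset, src, len);
    return 0;
}

/* Returns 1 when in-range writes succeed, oversized and wrapping requests
 * are refused, and the adjacent field is left intact. */
int demo(void)
{
    struct slot s;
    uint8_t input[SLOT_SIZE + 8];
    memset(&s, 0, sizeof s);
    memset(input, 0x41, sizeof input);
    s.owner_id = 0xC0FFEEu;
    int fits     = slot_write_checked(&s, 0, input, SLOT_SIZE);
    int too_long = slot_write_checked(&s, 0, input, sizeof input);
    int wraps    = slot_write_checked(&s, 8, input, SIZE_MAX);
    return fits == 0 && too_long == -1 && wraps == -1 && s.owner_id == 0xC0FFEEu;
}

int main(void) { return demo() ? 0 : 1; }
```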
Apple has admitted it has received reports of this vulnerability being actively exploited in the field, although the company has not provided details on the attacks themselves. Withholding those details will probably give Apple users time to patch their devices before other attackers develop their own exploits and begin using them in attacks against iPhones and iPads.
While it's probable that this zero-day flaw was only exploited in well-planned attacks, it's still important to apply today's security patches in order to protect yourself from potential threats.
Apple has now patched its ninth zero-day vulnerability since the beginning of the year:
- Apple patched a vulnerability in the iOS Kernel in September (CVE-2022-32917).
- In August, it patched two further zero-day vulnerabilities, in the iOS Kernel (CVE-2022-32894) and WebKit (CVE-2022-32893).
- Apple fixed another WebKit zero-day problem in February that could have been used to compromise iOS and OS X devices.
- Apple fixed two further zero-days in January that might have allowed code execution with kernel privileges (CVE-2022-22587) and web tracking (CVE-2022-22594).