Apple fixes exploited iOS, iPadOS zero-day (CVE-2022-42827)

For the ninth time this year, Apple has released fixes for a zero-day vulnerability (CVE-2022-42827) exploited by attackers to compromise iPhones.


About CVE-2022-42827

CVE-2022-42827 is an out-of-bounds write issue in the iOS and iPadOS kernel, which can be exploited to allow a malicious application to execute arbitrary code with kernel privileges.

“Apple is aware of a report that this issue may have been actively exploited,” the company said, though – as per usual – did not offer details about the attack(s).

Reported by an anonymous researcher, the vulnerability has been fixed with improved bounds checking in iOS 16.1 and iPadOS 16, which is available for:

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later

iOS 16.1 and iPadOS 16 also come with fixes for 19 additional CVE-numbered security issues, including a flaw (CVE-2022-32946) in the Bluetooth component that could allow an app to record audio using a pair of connected AirPods, and many other code execution holes.

Other security updates

Mac users, whether they are running macOS Big Sur, Monterey, or Ventura (the latest version of the OS, with new security and privacy features), have also security updates available.

Ventura’s is particularly sizeable, with fixes for 113 issues (40 of which are in the Vim text editor).

Safari, tvOS and watchOS security updates have also been released.

UPDATE (October 28, 2022, 05:25 a.m. ET):

Apple has released updates for the iOS 15 and iPadOS 15 branch, which include the patch for CVE-2022-42827.

Don't miss