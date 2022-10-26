Apple patches another actively exploited iOS, iPadOS zero-day

By on
Apple patches another actively exploited iOS, iPadOS zero-day

By John Leonard

Apple on has released patches for a zero-day flaw in iOS and iPadOS that it says has been actively exploited in the wild.

“Apple is aware of a report that this issue may have been actively exploited,” the company said in documentation about the security updates without providing details about any attack.

The out-of-bounds write issue in the kernel, CVE-2022-42827, could enable an attacker to execute code with the highest privileges at the most fundamental level of the operating system.

[Related: Apple iPad Pro With M2 Chip: Five Things To Know]

Out-of-bounds write flaws allow applications to write data outside the intended buffer in memory, which can result in data corruption, crashes, and other unexpected behavior.

Apple has patched the zero-day vulnerability in iOS 16.1 and iPadOS 16. Apple’s latest patch improves memory handling in the following devices running those OSes:

- iPhone 8 and later

- iPad Pro (all models)

- iPad Air 3rd generation and later

- iPad 5th generation and later

- iPad mini 5th generation and later

This is the ninth zero-day bug to be fixed by Apple this year.

In January, it released updates for iOS 15 and iPadOS 15 that fixed, among other flaws, a buffer overflow issue that let an app execute arbitrary code with kernel privileges.

In February, Apple patched another actively exploited zero-day in WebKit that that is allowed threat actors to execute arbitrary code to compromise iPads, iPhones and MacOS devices.

And in August the company released patches for another bug CVE-2022-32894 affecting the kernel, which could allow attackers to take control of the device; and in September another zero day CVE-2022-32917 affecting iPhones and iPads was fixed.

This article originally appeared on CRN’s sister site, Computing.

This article originally appeared at crn.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © 2018 The Channel Company, LLC. All rights reserved.
Tags:
apple patch apple security finance

Partner Content

Yealink's commitment to Australian channel deepens as it attracts more partners
Yealink's commitment to Australian channel deepens as it attracts more partners
How Yealink powers the Future Workplace with Microsoft&#160;Teams collaboration devices
How Yealink powers the Future Workplace with Microsoft Teams collaboration devices
Tour one of the largest factory automation solution providers in ANZ next month
Tour one of the largest factory automation solution providers in ANZ next month
Complaints to compliments: solving the hybrid holiday internet challenge
Complaints to compliments: solving the hybrid holiday internet challenge
How to prepare for the increasing demand for cloud-ready partners
How to prepare for the increasing demand for cloud-ready partners

Sponsored Whitepapers

How vulnerability scans identify & protect against cyberthreats before criminals locate them
How vulnerability scans identify & protect against cyberthreats before criminals locate them
Monitoring & automation: A primer for MSPs
Monitoring & automation: A primer for MSPs
Endpoint Detection and Response
Endpoint Detection and Response
How to put your infrastructure into overdrive
How to put your infrastructure into overdrive
MSPs: Stack your solutions
MSPs: Stack your solutions

Most Read Articles

NBN Co adds over 160 new suburbs to fibre upgrade list

NBN Co adds over 160 new suburbs to fibre upgrade list
Intel CEO Pat Gelsinger: 'hard decisions' coming on layoffs

Intel CEO Pat Gelsinger: 'hard decisions' coming on layoffs
Medibank data breach continues to worsen

Medibank data breach continues to worsen
Australian cyber governance principles published

Australian cyber governance principles published

Log In

Email:
Password:
  |  Forgot your password?