Apple releases iOS 16.1 to fix 0-day CVE-2022-42827 flaw
Apple on Monday rolled out an urgent security update for iOS and iPadOS to address a zero-day flaw that it said may have been actively exploited, making it the ninth such vulnerability Apple has patched since the start of this year.
The flaw (tracked as CVE-2022-42827) may allow maliciously crafted applications to execute arbitrary code with kernel privileges. This flaw was reported by an anonymous researcher. “Apple is aware of a report that this issue may have been actively exploited,” the company said.
The company said it addressed the issue with improved bounds checking. As is typically the case, additional details about the flaw have not been disclosed to prevent the weaponization of the vulnerability for additional attacks.
The affected devices include:
- iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
By using a specially crafted application, an attacker could exploit the CVE-2022-42827 vulnerability to execute arbitrary code with kernel privileges.
This is the ninth zero-day fixed by Apple since the start of the year:
- January 2022: CVE-2022-22587 and CVE-2022-22594.
- February 2022: CVE-2022-22620.
- March 2022: CVE-2022-22674 and CVE-2022-22675.
- May 2022: CVE-2022-22675.
- August 2022: CVE-2022-32894.
- September 2022: CVE-2022-32917.
It’s highly recommended that users move quickly to update their devices to the latest version to mitigate the risk associated with the flaw. Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.