{"id":108046,"date":"2022-10-25T22:48:24","date_gmt":"2022-10-25T22:48:24","guid":{"rendered":"https:\/\/harchi90.com\/apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source\/"},"modified":"2022-10-25T22:48:24","modified_gmt":"2022-10-25T22:48:24","slug":"apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source","status":"publish","type":"post","link":"https:\/\/harchi90.com\/apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source\/","title":{"rendered":"Apple rushes out patch for iPhone and iPad 0-day reported by anonymous source"},"content":{"rendered":"<div itemprop=\"articleBody\">\n<figure class=\"intro-image intro-left\">\n  <figcaption class=\"caption\"\/>  <\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\">\n<\/aside>\n<p><!-- cache hit 56:single\/related:b6c61a611ee0d19a8013e3b605d5ecee --><!-- empty --><\/p>\n<p>Apple on Monday patched a high-severity zero-day vulnerability that gives attackers the ability to remotely execute malicious code that runs with the highest privileges inside the operating system kernel of fully up-to-date iPhones and iPads.<\/p>\n<p>In an advisory, Apple said that CVE-2022-42827, as the vulnerability is tracked, \u201cmay have been actively exploited,\u201d using a phrase that&#8217;s industry jargon for indicating a previously unknown vulnerability is being exploited.  The memory corruption flaw is the result of an \u201cout-of-bounds write,\u201d meaning Apple software was placing code or data outside a protected buffer.  Hackers often exploit such vulnerabilities so they can funnel malicious code into sensitive regions of an OS and then cause it to execute.<\/p>\n<p>The vulnerability was reported by an \u201canonymous researcher,\u201d Apple said, without elaborating.<\/p>\n<p>This spreadsheet maintained by Google researchers showed that Apple fixed seven zero-days so far this year, not including CVE22-42827.  Counting this latest one would bring that Apple zero-day total for 2022 to eight.  Bleeping Computer, however, said CVE-2022-42827 is Apple&#8217;s ninth zero-day fixed in the last 10 months.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\">\n    <span class=\"ad_notice\">Advertisement <\/span>    <\/p>\n<\/aside>\n<p>Zero-days are vulnerabilities that are discovered and either actively leaked or exploited before the responsible vendor has had a chance to release a patch fixing the flaw.  A single zero-day often sells for $1 million or more.  To protect their investment, attackers who have access to zero-days typically work for nation-states or other organizations with deep pockets and exploit the vulnerabilities in highly targeted campaigns.  Once the vendor learns of the zero-day, they are usually patched quickly, causing the value of the exploit to plummet.<\/p>\n<p>The economics make it highly unlikely that most people have been targeted by this vulnerability.  Now that a patch is available, however, other attackers will have the opportunity to reverse-engineer it to create their own exploits for use against unpatched devices.  Affected users\u2014including those using iPhone 8 and later, iPad Pros, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later\u2014should ensure they&#8217;re running iOS 16.1 or iPadOS 16.<\/p>\n<p>Besides CVE-2022-42827, the updates fix 19 other security vulnerabilities, including two in the kernel, three in Point-to-Point Protocol, two in WebKit, and one each in AppleMobileFileIntegrity, Core Bluetooth, IOKit, and this iOS sandbox.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Apple on Monday patched a high-severity zero-day vulnerability that gives attackers the ability to remotely execute malicious code that runs with the highest privileges inside the operating system kernel of fully up-to-date iPhones and iPads. In an advisory, Apple said that CVE-2022-42827, as the vulnerability is tracked, \u201cmay have been actively exploited,\u201d using a phrase &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/harchi90.com\/apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source\/\"> <span class=\"screen-reader-text\">Apple rushes out patch for iPhone and iPad 0-day reported by anonymous source<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[4],"tags":[],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Apple rushes out patch for iPhone and iPad 0-day reported by anonymous source - harchi90<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/harchi90.com\/apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apple rushes out patch for iPhone and iPad 0-day reported by anonymous source - harchi90\" \/>\n<meta property=\"og:description\" content=\"Apple on Monday patched a high-severity zero-day vulnerability that gives attackers the ability to remotely execute malicious code that runs with the highest privileges inside the operating system kernel of fully up-to-date iPhones and iPads. In an advisory, Apple said that CVE-2022-42827, as the vulnerability is tracked, \u201cmay have been actively exploited,\u201d using a phrase &hellip; Apple rushes out patch for iPhone and iPad 0-day reported by anonymous source Read More &raquo;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/harchi90.com\/apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source\/\" \/>\n<meta property=\"og:site_name\" content=\"harchi90\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-25T22:48:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/02\/zeroday-760x380.jpg\" \/><meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/02\/zeroday-760x380.jpg\" \/>\n<meta name=\"author\" content=\"islamlacoste58\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/02\/zeroday-760x380.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"islamlacoste58\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/harchi90.com\/apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source\/\",\"url\":\"https:\/\/harchi90.com\/apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source\/\",\"name\":\"Apple rushes out patch for iPhone and iPad 0-day reported by anonymous source - harchi90\",\"isPartOf\":{\"@id\":\"https:\/\/harchi90.com\/#website\"},\"datePublished\":\"2022-10-25T22:48:24+00:00\",\"dateModified\":\"2022-10-25T22:48:24+00:00\",\"author\":{\"@id\":\"https:\/\/harchi90.com\/#\/schema\/person\/0689156e87fbe869f0e5efdeef200d5b\"},\"breadcrumb\":{\"@id\":\"https:\/\/harchi90.com\/apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/harchi90.com\/apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/harchi90.com\/apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/harchi90.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Apple rushes out patch for iPhone and iPad 0-day reported by anonymous source\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/harchi90.com\/#website\",\"url\":\"https:\/\/harchi90.com\/\",\"name\":\"harchi90\",\"description\":\"Just another WordPress site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/harchi90.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/harchi90.com\/#\/schema\/person\/0689156e87fbe869f0e5efdeef200d5b\",\"name\":\"islamlacoste58\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/harchi90.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5bf7491076e3822b8e0de7b1f9364d75?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5bf7491076e3822b8e0de7b1f9364d75?s=96&d=mm&r=g\",\"caption\":\"islamlacoste58\"},\"sameAs\":[\"http:\/\/harchi90.com\"],\"url\":\"https:\/\/harchi90.com\/author\/islamlacoste58\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Apple rushes out patch for iPhone and iPad 0-day reported by anonymous source - harchi90","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/harchi90.com\/apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source\/","og_locale":"en_US","og_type":"article","og_title":"Apple rushes out patch for iPhone and iPad 0-day reported by anonymous source - harchi90","og_description":"Apple on Monday patched a high-severity zero-day vulnerability that gives attackers the ability to remotely execute malicious code that runs with the highest privileges inside the operating system kernel of fully up-to-date iPhones and iPads. In an advisory, Apple said that CVE-2022-42827, as the vulnerability is tracked, \u201cmay have been actively exploited,\u201d using a phrase &hellip; Apple rushes out patch for iPhone and iPad 0-day reported by anonymous source Read More &raquo;","og_url":"https:\/\/harchi90.com\/apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source\/","og_site_name":"harchi90","article_published_time":"2022-10-25T22:48:24+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/02\/zeroday-760x380.jpg"},{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/02\/zeroday-760x380.jpg"}],"author":"islamlacoste58","twitter_card":"summary_large_image","twitter_image":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/02\/zeroday-760x380.jpg","twitter_misc":{"Written by":"islamlacoste58","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/harchi90.com\/apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source\/","url":"https:\/\/harchi90.com\/apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source\/","name":"Apple rushes out patch for iPhone and iPad 0-day reported by anonymous source - harchi90","isPartOf":{"@id":"https:\/\/harchi90.com\/#website"},"datePublished":"2022-10-25T22:48:24+00:00","dateModified":"2022-10-25T22:48:24+00:00","author":{"@id":"https:\/\/harchi90.com\/#\/schema\/person\/0689156e87fbe869f0e5efdeef200d5b"},"breadcrumb":{"@id":"https:\/\/harchi90.com\/apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/harchi90.com\/apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/harchi90.com\/apple-rushes-out-patch-for-iphone-and-ipad-0-day-reported-by-anonymous-source\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/harchi90.com\/"},{"@type":"ListItem","position":2,"name":"Apple rushes out patch for iPhone and iPad 0-day reported by anonymous source"}]},{"@type":"WebSite","@id":"https:\/\/harchi90.com\/#website","url":"https:\/\/harchi90.com\/","name":"harchi90","description":"Just another WordPress site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/harchi90.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/harchi90.com\/#\/schema\/person\/0689156e87fbe869f0e5efdeef200d5b","name":"islamlacoste58","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/harchi90.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/5bf7491076e3822b8e0de7b1f9364d75?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5bf7491076e3822b8e0de7b1f9364d75?s=96&d=mm&r=g","caption":"islamlacoste58"},"sameAs":["http:\/\/harchi90.com"],"url":"https:\/\/harchi90.com\/author\/islamlacoste58\/"}]}},"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":107699,"url":"https:\/\/harchi90.com\/apple-releases-patch-for-new-actively-exploited-ios-and-ipados-zero-day-vulnerability\/","url_meta":{"origin":108046,"position":0},"title":"Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability","date":"October 25, 2022","format":false,"excerpt":"Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827, has been described as an out-of-bounds write issue in the Kernel, which could be abused by a\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":48588,"url":"https:\/\/harchi90.com\/ios-15-6-1-fixes-two-security-vulnerabilities-that-were-actively-exploited-in-the-wild\/","url_meta":{"origin":108046,"position":1},"title":"iOS 15.6.1 fixes two security vulnerabilities that were actively exploited in the wild","date":"August 18, 2022","format":false,"excerpt":"Apple released iOS 15.6.1 to iPhone and iPad users this afternoon. The initial release notes did not specify what exactly had changed, other than Apple saying the update \u201cprovides important security updates and is recommended for all users.\u201d Apple has now updated its security updates webpage with the full details\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":49613,"url":"https:\/\/harchi90.com\/apple-security-flaw-actively-exploited-by-hackers-to-fully-control-devices-apple\/","url_meta":{"origin":108046,"position":2},"title":"Apple security flaw &#8216;actively exploited&#8217; by hackers to fully control devices |  apple","date":"August 19, 2022","format":false,"excerpt":"Apple disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices on Wednesday.The company said it is \u201caware of a report that this issue may have been actively exploited\u201d.Apple released two security reports about the issue on Wednesday, although\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":63062,"url":"https:\/\/harchi90.com\/old-iphones-and-ipads-stuck-on-ios-12-get-a-patch-for-a-serious-security-hole\/","url_meta":{"origin":108046,"position":3},"title":"Old iPhones and iPads stuck on iOS 12 get a patch for a serious security hole","date":"September 1, 2022","format":false,"excerpt":"enlarge \/ Older iPhones and iPads running iOS 12. Apple is releasing a rare security update for older iPhones and iPads stuck on iOS 12, an operating system that received its last security update nearly a year ago. The iOS 12.5.6 update patches a single \"actively exploited\" WebKit bug that\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":23002,"url":"https:\/\/harchi90.com\/0-day-used-to-infect-chrome-users-could-pose-threat-to-edge-and-safari-users-too\/","url_meta":{"origin":108046,"position":4},"title":"0-day used to infect Chrome users could pose threat to Edge and Safari users, too","date":"July 23, 2022","format":false,"excerpt":"A secretive seller of cyberattack software recently exploited a previously unknown Chrome vulnerability and two other zero-days in campaigns that covertly infected journalists and other targets with sophisticated spyware, security researchers said. CVE-2022-2294, as the vulnerability is tracked, stems from memory corruption flaws in Web Real-Time Communications, an open source\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"fifu_image_url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/02\/zeroday-760x380.jpg","_links":{"self":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/108046"}],"collection":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/comments?post=108046"}],"version-history":[{"count":0,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/108046\/revisions"}],"wp:attachment":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/media?parent=108046"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/categories?post=108046"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/tags?post=108046"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}