\n<\/aside>\n<\/p>\n
Apple on Monday patched a high-severity zero-day vulnerability that gives attackers the ability to remotely execute malicious code that runs with the highest privileges inside the operating system kernel of fully up-to-date iPhones and iPads.<\/p>\n
In an advisory, Apple said that CVE-2022-42827, as the vulnerability is tracked, \u201cmay have been actively exploited,\u201d using a phrase that’s industry jargon for indicating a previously unknown vulnerability is being exploited. The memory corruption flaw is the result of an \u201cout-of-bounds write,\u201d meaning Apple software was placing code or data outside a protected buffer. Hackers often exploit such vulnerabilities so they can funnel malicious code into sensitive regions of an OS and then cause it to execute.<\/p>\n
The vulnerability was reported by an \u201canonymous researcher,\u201d Apple said, without elaborating.<\/p>\n
This spreadsheet maintained by Google researchers showed that Apple fixed seven zero-days so far this year, not including CVE22-42827. Counting this latest one would bring that Apple zero-day total for 2022 to eight. Bleeping Computer, however, said CVE-2022-42827 is Apple’s ninth zero-day fixed in the last 10 months.<\/p>\n\n Advertisement <\/span> <\/p>\n<\/aside>\nZero-days are vulnerabilities that are discovered and either actively leaked or exploited before the responsible vendor has had a chance to release a patch fixing the flaw. A single zero-day often sells for $1 million or more. To protect their investment, attackers who have access to zero-days typically work for nation-states or other organizations with deep pockets and exploit the vulnerabilities in highly targeted campaigns. Once the vendor learns of the zero-day, they are usually patched quickly, causing the value of the exploit to plummet.<\/p>\n
The economics make it highly unlikely that most people have been targeted by this vulnerability. Now that a patch is available, however, other attackers will have the opportunity to reverse-engineer it to create their own exploits for use against unpatched devices. Affected users\u2014including those using iPhone 8 and later, iPad Pros, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later\u2014should ensure they’re running iOS 16.1 or iPadOS 16.<\/p>\n
Besides CVE-2022-42827, the updates fix 19 other security vulnerabilities, including two in the kernel, three in Point-to-Point Protocol, two in WebKit, and one each in AppleMobileFileIntegrity, Core Bluetooth, IOKit, and this iOS sandbox.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"
Apple on Monday patched a high-severity zero-day vulnerability that gives attackers the ability to remotely execute malicious code that runs with the highest privileges inside the operating system kernel of fully up-to-date iPhones and iPads. In an advisory, Apple said that CVE-2022-42827, as the vulnerability is tracked, \u201cmay have been actively exploited,\u201d using a phrase …<\/p>\n
Apple rushes out patch for iPhone and iPad 0-day reported by anonymous source<\/span> Read More »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[4],"tags":[],"jetpack_publicize_connections":[],"yoast_head":"\nApple rushes out patch for iPhone and iPad 0-day reported by anonymous source - harchi90<\/title>\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\t \n\t \n\t \n