Apple patches zero-day holes – even in the brand new iOS 16
Just to be clear, if you don't want to upgrade to iOS 16 just yet, you still need to update, because the iOS 15.7 and iPadOS 15.7 updates include numerous security patches, including a fix for a bug dubbed CVE-2022-32917.
APPLE-SA-2022-09-12-1: iOS 16. The big one! As well as a bunch of new features, this includes the Safari patches delivered separately for macOS, and a fix for CVE-2022-32917.
Whether that's because iOS 16 wasn't yet officially considered "in the wild" itself, or because the known exploit doesn't yet work on an unpatched iOS 16 Beta, we can't tell you.
The bug does indeed seem to have been carried forward from iOS 15 into the iOS 16 codebase.
A full-blown upgrade from iOS 15 to iOS 16.0, as it reports itself after installation, will patch the known bugs in iOS 15.
On iPads, for which iOS 16 isn't yet mentioned, grab iPadOS 15.7 right now - don't hang back waiting for iPadOS 16 to come out, given that you'd be leaving yourself needlessly exposed to a known exploitable kernel flaw.
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)
- Apple Patches Two Zero-Day Attack Vectors
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-20 | CVE-2022-32917 | Out-of-bounds Write vulnerability in Apple iPadOS and iPhone OS. The issue was addressed with improved bounds checks. | 7.8 |