Apple fixes exploited iOS, iPadOS zero-day (CVE-2022-42827)
2022-10-25 08:44

For the ninth time this year, Apple has released fixes for a zero-day vulnerability exploited by attackers to compromise iPhones.

CVE-2022-42827 is an out-of-bounds write issue in the iOS and iPadOS kernel, which can be exploited to allow a malicious application to execute arbitrary code with kernel privileges.

iOS 16.1 and iPadOS 16 also come with fixes for 19 additional CVE-numbered security issues, including a flaw in the Bluetooth component that could allow an app to record audio using a pair of connected AirPods, and many other code execution holes.

Mac users, whether they are running macOS Big Sur, Monterey, or Ventura, also have security updates available.

Ventura's is particularly sizeable, with fixes for 113 issues.

Safari, tvOS and watchOS security updates have also been released.


News URL

https://www.helpnetsecurity.com/2022/10/25/cve-2022-42827/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2022-11-01 | CVE-2022-42827 | Out-of-bounds Write vulnerability in Apple products. An out-of-bounds write issue was addressed with improved bounds checking. (local, low complexity; vendor: apple; CWE-787) | 7.8

Related vendor

VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
Apple | | 68 | 212 | 1433 | 2208 | 257 | 4110