Security News > 2022 > October > Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability
Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild.
The iPhone maker said it addressed the bug with improved bounds checking, while crediting an anonymous researcher for reporting the vulnerability.
As is usually the case with actively exploited zero-day flaws, Apple refrained from sharing more specifics about the shortcoming other than acknowledging that it's "Aware of a report that this issue may have been actively exploited."
CVE-2022-42827 is the third consecutive Kernel-related out-of-bounds memory vulnerability to be patched by Apple after CVE-2022-32894 and CVE-2022-32917, the latter two of which have also been previously reported to be weaponized in real-world attacks.
The security update is available for iPhone 8 and later, iPad Pro, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
With the latest fix, Apple has closed out eight actively exploited zero-day flaws and one publicly-known zero-day vulnerability since the start of the year -.
News URL
https://thehackernews.com/2022/10/apple-releases-patch-for-new-actively.html
Related news
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Global Pressure Mounts for Apple as Brazilian Court Demands iOS Sideloading Within 90 Days (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-01 | CVE-2022-42827 | Out-of-bounds Write vulnerability in Apple Iphone OS An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
| 2022-09-20 | CVE-2022-32917 | Out-of-bounds Write vulnerability in Apple Ipados and Iphone OS The issue was addressed with improved bounds checks. | 7.8 |
| 2022-08-24 | CVE-2022-32894 | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |