Apple has released a fix for another new zero-day vulnerability that is being actively used in the wild – bringing the total number of such flaws to nine this year.
The flaw, which has been discovered on both Apple smartphones and tablets, is described as an out-of-bounds writing issue that threat actors can take advantage of to run arbitrary code with kernel privileges on vulnerable people. endpoints (Opens in a new tab)This vulnerability is now tracked as CVE-2022-42827.
The tech giant Cupertino was informed anonymously, security affairs Reported, fixed by improved limits check for iOS 16.1 and iPadOS 16.
Nine days zero this year alone
“Apple is aware of a report that this issue has been actively exploited.” Read Apple Security Advisor.
Users with iPhone 8 and later smart phone (Opens in a new tab)Any iPad Pro model, iPad Air 3rd generation or later, iPad 5th generation or later, or iPad mini 5th generation or later, must apply the latest updates immediately, as they are at zero-day risk.
This is the ninth zero-day vulnerability that Apple has addressed this year, after fixing a vulnerability in January (CVE-2022-22587 and CVE-2022-22594), one in February (CVE-2022-22620), two in March (CVE-2022- 22674 and CVE-2022-22675), one in May (CVE-2022-22675), one in August (CVE-2022-32894), and one in September (CVE-2022-32917).
CVE-2022-32917, which was fixed last month, allows malicious applications to execute arbitrary code with kernel privileges, just like the last zero day. This is also fixed with improved border checks.
iOS 16, the latest version of Apple’s mobile operating system, was released in mid-September this year. This release brought improvements to many apps, from the redesigned Home app for your smart devices to better privacy features, and a heavy focus on the lock screen, with new fonts, colors and themes to choose from. There’s also satellite calling coming to the newly announced iPhone 14 models, a feature coming in November 2022.
iPadOS 16, the latest version of the operating system designed for tablets, was launched yesterday.
Across: security affairs (Opens in a new tab)