Apple has released fixes for a zero-day vulnerability (CVE-2022-42827) exploited by attackers to compromise iPhones and iPads.
CVE-2022-42827 is an out-of-bounds write issue in the iOS and iPadOS kernel that a malicious application can exploit to execute arbitrary code with kernel privileges. This type of vulnerability is dangerous because it can be easy to find and exploit, and can allow adversaries to completely take over a system, steal data, or prevent an application from working. Apple has stated that it is aware of a report that this issue may have been actively exploited, but did not offer any further details.
The issue was reported by an anonymous researcher and has been fixed with improved bounds checking in iOS 16.1 and iPadOS 16, which are available for:
- iPhone 8 and later
- iPad Pro (all models)
- iPad Air 3rd generation and later
- iPad 5th generation and later
- iPad mini 5th generation and later
We recommend checking your iPhone(s) and iPad(s) for software updates, and always keeping them on the latest version. If you are running a software version affected by the vulnerability, Apple will have made the software update containing the fix available to you.