>
Apple has released a fix for another new zero-day vulnerability that is actively being used in the wild — bringing the total number of such vulnerabilities fixed to nine this year.
The flaw, discovered in both Apple smartphones and tablets, is described as an out-of-bounds write problem that threat actors can use to execute arbitrary code with kernel privileges on vulnerable endpoints (opens in new tab)this vulnerability is now tracked as CVE-2022-42827.
It was reported anonymously to tech giant Cupertino, Security matters reported, and has been addressed through improved border control for iOS 16.1 and iPadOS 16.
Nine zero days this year alone
“Apple is aware of a report that this issue may have been actively exploited.” Apple’s security advisory reads.
Users with an iPhone 8 and newer smartphone (opens in new tab)Any iPad Pro model, iPad Air 3rd generation and later, iPad 5th generation and later, or iPad mini 5th generation and later must apply the latest updates immediately as they are vulnerable to this zero-day.
This is the ninth zero-day vulnerability that Apple has addressed this year, following two fixes in January (CVE-2022-22587 and CVE-2022-22594), one in February (CVE-2022-22620), two in March ( CVE-2022-22674 and CVE-2022-22675), one in May (CVE-2022-22675), one in August (CVE-2022-32894), and one in September (CVE-2022-32917).
CVE-2022-32917, fixed last month, allows malicious apps to run arbitrary code with kernel privileges, just like this latest zero-day. This too was resolved with improved border controls.
iOS 16, Apple’s latest version of its mobile phone operating system, was released in mid-September this year. This release brought improvements to many apps, from a redesigned Home app for your smart devices to better privacy features and a big focus on the lock screen, with new fonts, colors and themes to choose from. Satellite calling is also coming to the newly announced iPhone 14 models, a feature set to become available in November 2022.
iPadOS 16, the latest version of the operating system designed for tablets, was released yesterday.
Through: Security matters (opens in new tab)