Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability

Tech giant Apple on Monday rolled out updates to remediate a
zero-day flaw in iOS and iPadOS that it said has been actively
exploited in the wild.

The weakness, given the identifier CVE-2022-42827[1], has been described as
an out-of-bounds write issue in the Kernel, which could be abused
by a rogue application to execute arbitrary code with the highest
privileges.

Successful exploitation of out-of-bounds write[2] flaws, which
typically occur when a program attempts to write data to a memory
location that's outside of the bounds of what it is allowed to
access, can result in corruption of data, a crash, or execution of
unauthorized code.

The iPhone maker said it addressed the bug with improved bounds
checking, while crediting an anonymous researcher for reporting the
vulnerability.
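
What a bounds check in front of a buffer write looks like in general, as an added example that is not Apple's code and not part of the original article. Apple has not published details of CVE-2022-42827, so the buffer size and function names below are constructed for illustration; the example also covers the integer-wraparound case that a naive check misses.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BUF_CAP 64u /* constructed capacity for this example */

/* Naive check: offset + len can wrap past SIZE_MAX and wrongly pass. */
static int naive_in_bounds(size_t offset, size_t len, size_t cap) {
    return offset + len <= cap;
}

/* Overflow-safe check: never adds the two untrusted values together. */
static int safe_in_bounds(size_t offset, size_t len, size_t cap) {
    return offset <= cap && len <= cap - offset;
}

/* Copy len bytes to dst[offset..]; returns 0 on success, -1 if rejected. */
static int checked_write(uint8_t *dst, size_t cap, size_t offset,
                         const uint8_t *src, size_t len) {
    if (dst == NULL || src == NULL || !safe_in_bounds(offset, len, cap))
        return -1; /* reject instead of writing outside the buffer */
    memcpy(dst + offset, src, len);
    return 0;
}

int main(void) {
    uint8_t buf[BUF_CAP] = {0};
    const uint8_t data[4] = {0x01, 0x02, 0x03, 0x04}; /* constructed input */

    /* Last valid position: bytes 60..63 fit in a 64-byte buffer. */
    if (checked_write(buf, sizeof buf, 60, data, sizeof data) != 0)
        return 1;
    /* One byte too far: bytes 61..64 would cross the end, so rejected. */
    if (checked_write(buf, sizeof buf, 61, data, sizeof data) != -1)
        return 1;
    /* Huge offset that wraps in the naive sum: still rejected here. */
    if (checked_write(buf, sizeof buf, SIZE_MAX, data, 2) != -1)
        return 1;
    return 0;
}
```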

As is usually the case with actively exploited zero-day flaws,
Apple refrained from sharing more specifics about the shortcoming
other than acknowledging that it’s “aware of a report that this
issue may have been actively exploited.”

CVE-2022-42827 is the third consecutive Kernel-related
out-of-bounds memory vulnerability to be patched by Apple after
CVE-2022-32894[3]
and CVE-2022-32917[4], the latter two of which
have also been previously reported to be weaponized in real-world
attacks.

The security update is available for iPhone 8 and later, iPad
Pro (all models), iPad Air 3rd generation and later, iPad 5th
generation and later, and iPad mini 5th generation and later.

With the latest fix, Apple has closed out eight actively
exploited zero-day flaws and one publicly-known zero-day
vulnerability since the start of the year –

  • CVE-2022-22587[5] (IOMobileFrameBuffer) –
    A malicious application may be able to execute arbitrary code with
    kernel privileges
  • CVE-2022-22594[6] (WebKit Storage) – A
    website may be able to track sensitive user information (publicly
    known but not actively exploited)
  • CVE-2022-22620[7] (WebKit) – Processing
    maliciously crafted web content may lead to arbitrary code
    execution
  • CVE-2022-22674[8] (Intel Graphics Driver)
    – An application may be able to read kernel memory
  • CVE-2022-22675[9] (AppleAVD) – An
    application may be able to execute arbitrary code with kernel
    privileges
  • CVE-2022-32893[10] (WebKit) – Processing
    maliciously crafted web content may lead to arbitrary code
    execution
  • CVE-2022-32894[11] (Kernel) – An
    application may be able to execute arbitrary code with kernel
    privileges
  • CVE-2022-32917[12] (Kernel) – An
    application may be able to execute arbitrary code with kernel
    privileges

Aside from CVE-2022-42827, the update also addresses 19 other
security vulnerabilities, including two in Kernel, three in
Point-to-Point Protocol (PPP), two in WebKit, and one each in
AppleMobileFileIntegrity, Core Bluetooth, IOKit, Sandbox, and
more.

References

  1. CVE-2022-42827 (support.apple.com)
  2. out-of-bounds write (cwe.mitre.org)
  3. CVE-2022-32894 (thehackernews.com)
  4. CVE-2022-32917 (thehackernews.com)
  5. CVE-2022-22587 (thehackernews.com)
  6. CVE-2022-22594 (thehackernews.com)
  7. CVE-2022-22620 (thehackernews.com)
  8. CVE-2022-22674 (thehackernews.com)
  9. CVE-2022-22675 (thehackernews.com)
  10. CVE-2022-32893 (thehackernews.com)
  11. CVE-2022-32894 (thehackernews.com)
  12. CVE-2022-32917 (thehackernews.com)
