Apple fixed the ninth actively exploited zero-day this year

Apple released security updates that addressed the ninth zero-day vulnerability actively exploited in the wild since the start of the year. 

Apple has addressed the ninth zero-day vulnerability exploited in attacks in the wild since the start of the year. The vulnerability, tracked as CVE-2022-42827, is an out-of-bounds write issue that can be exploited by an attacker to execute arbitrary code with kernel privileges.

The flaw was reported to Apple by an anonymous researcher, the company addressed it with improved bounds checking in iOS 16.1 and iPadOS 16.

“Apple is aware of a report that this issue may have been actively exploited.” reads the advisory published by Apple.

The vulnerability impacts iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later.

Apple users are recommended to immediately update their devices to mitigate exposure to attack attempts.

Apple has addressed other eight zero-day vulnerabilities since January, below is the list of fixed issues:

• January 2022: CVE-2022-22587 and CVE-2022-22594.
• February 2022: CVE-2022-22620.
• March 2022: CVE-2022-22674 and CVE-2022-22675.
• May 2022: CVE-2022-22675
• August 2022: CVE-2022-32894
• September 2022: CVE-2022-32917.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Apple zero-day)

The post Apple fixed the ninth actively exploited zero-day this year appeared first on Security Affairs.