If you haven’t yet updated to iOS 16.1, you may want to do it sooner rather than later: Among the changes is a patch to a zero-day vulnerability. Apple says that exploits may be in active use.
The security vulnerability is of a type often exploited by hackers to enable them to run malicious code on targeted devices …
Apple listed it as a kernel vulnerability.
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-42827: an anonymous researcher
So-called zero-day vulnerabilities are ones that are discovered by others before they are known by the company itself. Arstechnica says that this brings Apple’s known zero-day vulnerability count this year to either eight or nine.
This spreadsheet maintained by Google researchers showed that Apple fixed seven zero-days so far this year, not including CVE-2022-42827. Counting this latest one would bring that Apple zero-day total for 2022 to eight. Bleeping Computer, however, said CVE-2022-42827 is Apple’s ninth zero-day fixed in the last 10 months […]
Besides CVE-2022-42827, the updates fix 19 other security vulnerabilities, including two in the kernel, three in Point-to-Point Protocol, two in WebKit, and one each in AppleMobileFileIntegrity, Core Bluetooth, IOKit, and this iOS sandbox.
As with any zero-day vulnerability, the risk to the average user is small. Most zero-days are either reported by security researchers or sold to nation-states by hackers – and will then generally be used in targeted attacks against specific individuals. However, the risk of wider-scale attacks is ever-present, so it’s always a good idea to keep your devices updated.
In addition to the security fixes, iOS 16.1 introduces support for Live Activities, Clean Energy Charging, iCloud Shared Photo Library, and much more. Check out the full release notes here. If you were running the beta, you’ll need to uninstall that first.
FTC: We use income earning auto affiliate links. More.