Apple issued a slew of security updates to go along with its new operating systems for its Macs and devices this week.
But the most serious security issues from the Cupertino, California-based tech giant were for a zero-day vulnerability in the operating systems for iPhones and iPads, which have been actively exploited in the wild.
Similar to past security updates this year, the most recent zero-day (CVE-2022-42827) allowed arbitrary code execution with kernel privileges and was addressed by improving bounds checking. The fixes are for iPhone 8 and later, as well as all iPad Pro models, iPad Air 3rd generation or later, iPad 5th generation or later and iPad mini 5th generation or later.
As a number of tech media and security blogs have reported, Apple has not shared much specifics about the vulnerability and acknowledged only an anonymous researcher for discovery.
Sophos’ Paul Ducklin put it succinctly at Naked Security: “Apple hasn’t said which cybercrime group or spyware company is abusing this bug, dubbed CVE-2022-42827, but given the high price that working iPhone zero-days command in the cyberunderworld, we assume that whoever is in possession of this exploit [a] knows how to make it work effectively and [b] is unlikely to draw attention to it themselves, in order to keep existing victims in the dark as much as possible.”
As BleepingComputer noted in its reporting, this is the ninth zero-day vulnerability used in attacks against iPhones since the start of the year.
Users of the iPhone and iPads are urged to download the updates and patch their devices as soon as possible. Patches were also released for Apple’s Mac operating systems Big Sur and Monterey, as well as Safari 16.1, watchOS 9.1 and tvOS 16.1.