Apple fixes latest zero-day vulnerability to hit iOS devices

Apple released a number of security updates this week for its products, including patches for the latest zero-day vulnerability to affect its iPhones and iPads. (Photo by Justin Sullivan/Getty Images)

Apple issued a slew of security updates to go along with its new operating systems for its Macs and devices this week.

As Sophos’ Naked Security blog noted, Apple made over 100 security updates Monday for its newly released macOS 13 Ventura. 

But the most serious of the security fixes from the Cupertino, California-based tech giant was for a zero-day vulnerability in the operating systems for iPhones and iPads, which has been actively exploited in the wild.

Similar to past security updates this year, the most recent zero-day (CVE-2022-42827) allowed arbitrary code execution with kernel privileges and was addressed by improving bounds checking. The fixes are for iPhone 8 and later, as well as all iPad Pro models, iPad Air 3rd generation or later, iPad 5th generation or later and iPad mini 5th generation or later. 

As a number of tech media outlets and security blogs have reported, Apple has not shared many specifics about the vulnerability and credited only an anonymous researcher with its discovery.

Sophos’ Paul Ducklin put it succinctly at Naked Security: “Apple hasn’t said which cybercrime group or spyware company is abusing this bug, dubbed CVE-2022-42827, but given the high price that working iPhone zero-days command in the cyberunderworld, we assume that whoever is in possession of this exploit [a] knows how to make it work effectively and [b] is unlikely to draw attention to it themselves, in order to keep existing victims in the dark as much as possible.”

As BleepingComputer noted in its reporting, this is the ninth zero-day vulnerability used in attacks against iPhones since the start of the year.

Users of iPhones and iPads are urged to download the updates and patch their devices as soon as possible. Patches were also released for Apple’s Mac operating systems Big Sur and Monterey, as well as Safari 16.1, watchOS 9.1 and tvOS 16.1.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.
