Skip to main content

Zero-day vulnerability patched in iOS 16.1; active exploits may exist, says Apple

If you haven’t yet updated to iOS 16.1, you may want to do it sooner rather than later: Among the changes is a patch to a zero-day vulnerability. Apple says that exploits may be in active use.

The security vulnerability is of a type often exploited by hackers to enable them to run malicious code on targeted devices …

Apple listed it as a kernel vulnerability.

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-42827: an anonymous researcher

So-called zero-day vulnerabilities are ones that are discovered by others before they are known by the company itself. Arstechnica says that this brings Apple’s known zero-day vulnerability count this year to either eight or nine.

This spreadsheet maintained by Google researchers showed that Apple fixed seven zero-days so far this year, not including CVE-2022-42827. Counting this latest one would bring that Apple zero-day total for 2022 to eight. Bleeping Computer, however, said CVE-2022-42827 is Apple’s ninth zero-day fixed in the last 10 months […]

Besides CVE-2022-42827, the updates fix 19 other security vulnerabilities, including two in the kernel, three in Point-to-Point Protocol, two in WebKit, and one each in AppleMobileFileIntegrity, Core Bluetooth, IOKit, and this iOS sandbox.

As with any zero-day vulnerability, the risk to the average user is small. Most zero-days are either reported by security researchers or sold to nation-states by hackers – and will then generally be used in targeted attacks against specific individuals. However, the risk of wider-scale attacks is ever-present, so it’s always a good idea to keep your devices updated.

In addition to the security fixes, iOS 16.1 introduces support for Live Activities, Clean Energy Charging, iCloud Shared Photo Library, and much more. Check out the full release notes here. If you were running the beta, you’ll need to uninstall that first.

Photo: PxHere

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications