Apple fixed the newly discovered zero-day vulnerability CVE-2022-42827 available in older iPhones and iPads that could be used to execute arbitrary code...

Continue reading
Apple has published new security upgrades that backport fixes announced earlier this week to older iPhones and iPads in order to address an actively exploited zero-day vulnerability.
Monday, October 24th, Apple released a fix for the vulnerability (CVE-2022-42827) affecting iPhone and iPad devices. If successfully exploited, it may be used by potential attackers to execute arbitrary code with kernel privileges.
An anonymous researcher informed Apple about the out-of-bounds write data, which occurs when the program can write data beyond the limits of the memory buffer.
Data corruption, program crashes, and code execution owing to undefined or unexpected effects (memory corruption) from subsequent data sent to the buffer are all possible outcomes.
Apple patched the zero-day issue in iOS 15.7.1 and iPadOS 15.7.1 with enhanced bounds checking today.
The affected devices include the iPhone 6s and subsequent models, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). Patch your older gadgets to prevent attacks
Apple stated that the security issue _"may have been actively exploited"_ in the wild, although the company has yet to share details surrounding these attacks.
Even though this zero-day vulnerability was likely only exploited in targeted attacks, it is highly advised that even older devices be patched as soon as possible to thwart any attack efforts.
CISA listed this zero-day vulnerability to its inventory of known exploitable vulnerabilities on October 25, requiring Federal Civilian Executive Branch (FCEB) entities to apply a fix to safeguard _" against active attacks."_
Since the beginning of this year, Apple has patched nine zero-day vulnerabilities:

A publicly accessible registration portal, a misconfigured Entra tenant, and no server-side authorization checks. That was enough to reach the systems controlling live World Cup streams