iPhone - iPad - CVE-2022-42827

Apple has fixed the zero-day flaw CVE-2022-42827!

Apple has released new security updates that address various vulnerabilities, including a zero-day security flaw exploited in attacks. iPhones and iPads are affected by this vulnerability.

The security vulnerability is associated with the reference CVE-2022-42827 and it’s a bug like “Out-of-bounds Write“, which means that data is written outside the memory buffer. Typically, this can lead to data corruption, a crash or code execution. This is confirmed because Apple claims that if an attacker manages to exploit this vulnerability, it can run code on the vulnerable device with kernel privileges.

The Cupertino company also specifies: “Apple is aware of a report that this issue may have been actively exploited.” – No certainty and there is no evidence, but obviously this vulnerability would be exploited in the context of attacks.

Which models are affected?

According to the Apple Security Bulletin, CVE-2022-42827 affects many devices. Here is a list:

  • All “iPhone” models from iPhone 8
  • iPad Pro (all versions)
  • iPad Air 3rd generation and above
  • iPad 5th generation and above
  • iPad Mini 5th generation and above

To protect themselves, users should install the latest versions of the system: iOS 16.1 et iPadOS 16.

Reported to Apple by an anonymous security researcher, this vulnerability is not the only one corrected by the American company. In effect, the security bulletin mentions no less than 20 different vulnerabilities and now corrected.

Since the start of 2022, this has been the 9th zero-day security breach corrected by Apple. In September, it was CVE-2022-32917 present in the iOS kernel, as was CVE-2022-32894 patched last August, along with CVE-2022-22675 in WebKit.

To your updates!

Source

Mobile,Sécurité,Apple,

#Apple #fixed #zeroday #flaw #CVE202242827

Leave a Comment

Your email address will not be published. Required fields are marked *