Apple Security upgrades: Apple has issued additional security upgrades to backport earlier this week’s remedies to older iPhones and iPads, addressing an actively exploited zero-day problem.
Apple addressed the issue (CVE-2022-42827) for iPhone and iPad devices on Monday, October 24. If successfully abused in attacks, potential attackers can utilise it to execute arbitrary code with kernel privileges.
An anonymous researchers concluded the out-of-bounds write issue to Apple, which is caused by applications being able to write data outside the confines of the memory buffer.
Due to undefined or unanticipated outcomes (also known as memory corruption) from subsequent data sent to the buffer, this can result in data corruption, programme crashes, and code execution.
With better bounds checking, Apple patched the zero-day issue in iOS 15.7.1 and iPadOS 15.7.1 today.
iPhone 6s and after, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, as well as iPod touch are among the devices affected (7th generation).
Update your older devices to prevent attacks.
Apple acknowledged that the security issue “may have been actively exploited” in the wild, but has yet to reveal details about these attacks.
Despite the fact that this zero-day was most likely only exploited in targeted attacks, it is strongly recommended that even older devices be patched as soon as possible to prevent potential attack attempts.
On October 25, CISA added this zero-day vulnerability to its inventory of known exploited vulnerabilities, requiring Federal Civilian Executive Branch (FCEB) entities to fix it to guard “against active threats.”
- How to Block App Tracking on iPhone in 2022
- How to forward calls on iPhone in 2022
- Android Smartphones will be More Powerful than iPhones in 2023
This is Apple’s eighth zero-day repair since the beginning of the year:
- Apple fixed a bug in the iOS Kernel in September (CVE-2022-32917).
- In August, it patched two new zero-day vulnerabilities in the iOS kernel (CVE-2022-32894) and WebKit (CVE-2022-32893)
- Apple addressed two zero-day vulnerabilities in the Intel Graphics Driver (CVE-2022-22674) and AppleAVD in March (CVE-2022-22675).
- Apple published security upgrades in February to address another WebKit zero-day bug that was exploited to attack iPhones, iPads, and Macs.
- Apple addressed another set of zero-day vulnerabilities in January, allowing code execution with kernel privileges (CVE-2022-22587) and tracking web browsing activity (CVE-2022-22594).
Does Apple provide security updates to older iOS?
Apple claims that only the most recent updates offer full protection.
Even when a new update is made available, Apple continues to offer security fixes for previous software versions. For instance, even if iOS 16 was made available in September 2022, iOS 15 is still receiving upgrades from Apple.
What is the newest security update for Apple?
Along with the recently launched macOS Ventura, Apple now provides security updates for macOS 11 Big Sur and macOS 12 Monterey, and in the past, it has given security updates for earlier iOS versions for devices that can’t install the most recent patches.
Is the Apple security breach real?
A bogus pop-up notification called Apple Security Alert claims that your iOS device has been hacked and that your personal data is at risk. Users may receive this message by visiting a dubious website or by being rerouted if they have a PUP installation on their iPhone or Mac.
What is a Zero Day patch?
Zero-day vulnerabilities are flaws that are identified and aggressively disclosed or exploited before the relevant vendor can release a patch to correct the flaw.
How can I update my iPhone’s security?
Connect your gadget to electricity and the internet through Wi-Fi. Navigate to Settings > General, then Software Update. Select the software update you want to install. You can continue to use iOS or iPadOS 15 while receiving critical security updates.
How are zero-day attacks identified?
In most situations, hackers utilise code to exploit zero-day vulnerabilities. It is sometimes detected by an individual when the programme behaves suspiciously, or it may be recognised by the developer himself. Attackers have discovered a new path by taking use of a zero-day flaw in Google’s Android mobile operating system.