The zero-day vulnerability was patched in iOS 16.1 and iPadOS 16 after it was discovered in the wild

Since January, Apple has experienced around one zero-day vulnerability a month. The most recent was iOS 16, which may have been actively abused during the past month. Versions 16.1 and 16 of iOS and iPadOS were released by Apple earlier this week. Users of compatible devices should promptly update them.

To address a severe vulnerability, Apple published a patch for iOS 16 and iPad OS 16 on Monday. Attackers can run code with kernel-level privileges because of security flaws. On October 11, an unnamed bug hunter notified Apple of the issue. Cupertino confirmed that malicious parties might have already used this zero-day vulnerability.

Thanks to the vulnerability, an app might be able to commit an out-of-bounds write (CVE-2022-42827). This happens when the software tries to insert data before or after the desired buffer. The write generates memory corruption if not verified, which could cause the OS to crash or allow arbitrary code execution.

For instance, if the OS defines a memory array to have three items, writing to a fourth member causes an out-of-bounds error. Suppose the algorithm is not designed to handle that exception. In that case, a hacker could purposefully introduce the flaw and use it to run arbitrary code in a critical operating system component, such as the kernel (example below).

The zero-day vulnerability

The update fixes the bug with “enhanced boundaries checking,” according to the patch notes for iOS 16.1 and iPadOS 16. The iPhone 8 and after, all iPad Pro models, iPad Air models from the third generation and beyond, and iPad and iPad mini models from the fifth generation and later are among the impacted devices. Apple urges users to upgrade as soon as possible.

Zero-day vulnerability is relatively common. By definition, they are security holes that are discovered and fixed by third parties before the software manufacturer has an opportunity to do so on their own or with their assistance. Google researchers claim that this is Apple’s seventh release of the year. Since January, Microsoft has had five zero days, and Google has corrected seven of its own.

The emergency patch has 19 additional security improvements, including two more kernel-level weaknesses that might have allowed code execution. Before either could be used, researchers found both and informed Apple.

Also read: If you are looking for a best college essay writing service, you are surely on right place. Get complete information here.

Also read:  Do you know who is Mary Fanto and what was her death cause? Read here what happened to her.

Leave a Comment

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.

Powered By
Best Wordpress Adblock Detecting Plugin | CHP Adblock