High-risk vulnerability targeting iPhone and iPad |
On Monday, Apple released iOS 16.1 for iPhones, which fixed 20 security issues, one of which was used for attacks.
Apple hasn't shared many details about the security fixes in iOS 16.1 to prevent attackers from getting more information they need to launch an attack.
The vulnerability (CVE-2022-42827) is in the kernel of the iPhone operating system and was exploited to allow an attacker to execute malicious code running with the highest privileges in the kernel of the iPhone operating system, even though the phone has been running on Apple for about a month. It was previously released from iOS 16.
Apple räumte ein, dass ihm ein Bericht bekannt war, wonach die Schwachstelle aktiv ausgenutzt wurde und dass die in iOS 16.1 behobenen Probleme mehrere Probleme auf Kernel-Ebene beinhalteten, von dengenen einige aus der z wernnöründ iPhone aus iPhone Receipt.
Other bugs fixed in iOS 16.1 include various issues with WebKit, the engine that powers Apple's Safari browser.
What is known about this vulnerability (CVE-2022-42827) so far?
This format vulnerability (zero-day) operates at the operating system kernel level, which means that it allows hackers to place code or data outside of protected buffers and gain access to sensitive data that is normally only accessible to system administrators or information.
Zero-day exploits are among the most dangerous as they can be exploited remotely to trick victims into opening specially designed files or applications. After a successful exploit of this vulnerability, an attacker can access sensitive information, execute arbitrary code, or disallow terms of service on the target system.
This vulnerability affects the latest Apple devices:
- iPhone 8 and later.
- iPad Pro and iPad Air 3rd generation and later.
- iPad 5th generation and above.
- iPad mini 5th generation and up.
What should you do to protect your iPhone and iPad?
The most dangerous vulnerability (CVE-2022-42827) is that it has been used in real attacks that might target a small number of people, such as: B. Pegasus spyware attack. But the details available are very limited and the only way to protect is to update to iOS 16.1 or iPadOS 16 as soon as possible.
The new iPhone security update for iOS 16.1 is especially significant because it fixes 13 security vulnerabilities that could allow arbitrary code execution and 9 vulnerabilities that run at the operating system kernel level.
“The iOS 16.1 update fixes some high-risk issues that would allow attackers to gain full access to the device,” said security researcher Shaun Wright.