Headline
iPhone zero-day. Update your devices now!
Categories: News Tags: iPhone
Tags: iPad
Tags: Apple
Tags: zero day
Tags: exploit
Tags: bug
Tags: threat
Tags: CVE-2022-42847
A zero-day bug that affects iPhones and iPads is being exploited in the wild
(Read more…)
The post iPhone zero-day. Update your devices now! appeared first on Malwarebytes Labs.
It’s time to update your Apple devices to ward off a zero-day threat discovered by an anonymous researcher.
As is customary for Apple, the advisory revealing this attack is somewhat threadbare, and doesn’t reveal a lot of information with regard to what’s happening, but if you own an iPad or iPhone you’ll want to get yourself on the latest version.
The zero-day is being used out in the wild, and Apple holding back the specifics may be enough to slow down the risk of multiple threat actors taking advantage of the issue, known as CVE-2022-42827. However, Apple’s lack of detail means it’s not possible to explain what to watch out for if you think your device may have been compromised.
The vulnerability affects the kernel code, the core of the software that operates the device. It can be abused to run remote code execution attacks, which can lead to issues like crashing and / or data corruption. According to Apple, the issue impacts:
- iPhone 8 and later
- iPad Pro (all models)
- iPad Air 3rd generation and later
- iPad 5th generation and later
- iPad mini 5th generation and later
At time of writing, there is very little you can do other than fire up your Apple product and make your way to the updates section. There is no reason to panic, but no need to delay either.
How to update your device
It’s entirely possible that your device is already set to update automatically. If so, then you shouldn’t have to worry about this one: Your device will do it all for you. If not, and your device is on the list above, don’t worry. The route to updating your iPhone or iPad is very standard across the board, no matter which specific flavour you happen to be running:
Plug into a power source and enable Wi-Fi
Select Settings > General, and then Software Update.
Select your desired update(s) and begin the install process.
Automatic updates can be applied like so:
Settings > General > Software Update
Select Automatic Updates, and then enable Download iOS Updates
Turn on Install iOS Updates.
Finally, for Rapid Security Response updates (which ensures important security fixes are applied as soon as possible):
Settings > General > Software Update
Select Automatic Updates
Enable the Security Responses & System Files option
There have been numerous publicly documented zero-day attacks aimed at Apple products this year. While most of these tend to be quite targeted and specific, there is absolutely no harm in getting into the habit of updating. It doesn’t just help to protect you from issues such as the one above, but many other potentially less serious issues too.
Stay safe out there!
Related news
Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code. Tracked as CVE-2022-42856, the issue has been described by the tech giant as a type confusion issue in the WebKit browser engine that could be triggered when processing specially crafted content, leading to
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups.
Supply chain attacks were all the rage in 2020 after SolarWinds, but we seem to have forgotten how important they are.
A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said "an app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements. Credited with discovering and reporting the bug in August
Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827, has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges. Successful exploitation of