Apple on Thursday released the security updates for older iPhones, iPads, and iPods that backport the patches released earlier this week.
This patch is for securing a critical zero-day bug that’s termed as an out-of-bounds write issue in iPhones and iPads. Apple warned that there could be active exploitation of this bug in the wild, so it recommended applying the security update.
A Zero-Day Bug in iPhones
After being informed by an anonymous researcher, Apple acknowledged and released the patch for a zero-day vulnerability, tracked as CVE-2022-42827, earlier this week.
This bug was so critical that Apple said a successful hacker could attain the kernel privileges of the target device by executing an arbitrary code right after exploitation. Termed the out-of-bounds write issue, Apple noted the big to be triggered by the software being able to write data outside the boundaries of the memory buffer.
This would result in data corruption, application crashes, and code execution as undefined data is written to the buffer. This issue is prevailing in all the iPhones from model 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
While this bug is widely used in targeted attacks, it’s suggested that everyone apply the necessary security update to safeguard themselves. On Monday, Apple released iOS 15.7.1 and iPadOS 15.7.1 to patch this bug, with backported updates for older devices released now.
Apple noted that this bug “may have been actively exploited” in the wild without mentioning more details on the incidents. It’s so serious that CISA added this zero-day bug to its Known Exploited Vulnerabilities list on October 25th, forcing its Federal Civilian Executive Branch (FCEB) agencies to patch it immediately.