Active Exploitation of Zero-day Vulnerability in Apple Products

Published on 25 Oct 2022

Updated on 25 Oct 2022

Apple has released a security update to fix a zero-day vulnerability (CVE-2022-42827) in their products. The vulnerability is reportedly being actively exploited.

Successful exploitation of the vulnerability could allow an attacker to perform arbitrary code execution with kernel privileges on the affected products.

The vulnerability affects the following products:

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later

 

Users of affected products are advised to upgrade to the latest versions immediately.

Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.

More information is available here:

https://support.apple.com/en-us/HT213489

https://www.securityweek.com/apple-fixes-exploited-zero-day-ios-161-patch

https://www.bleepingcomputer.com/news/apple/apple-fixes-new-zero-day-used-in-attacks-against-iphones-ipads/