SOCRadar® Cyber Intelligence Inc. | Apple Releases Patch for Exploited Zero-Day


Oct 25, 2022
2 Mins Read

Apple Releases Patch for Exploited Zero-Day

Threat actors actively exploiting the remote code execution vulnerability tagged CVE-2022-42827. On compromised iOS devices, an application may be able to execute arbitrary code with kernel privileges, according to Apple’s advisory

There is no CVSS score assigned to this vulnerability.

The update fixes 19 more security flaws in addition to CVE-2022-42827, including two in the Kernel, three in Point-to-Point Protocol (PPP), two in WebKit, and one each in AppleMobileFileIntegrityCore BluetoothIOKitSandbox, and more.

Which iOS Versions are Vulnerable?

iOS versions before 16.1 are vulnerable to mentioned vulnerabilities. 

The security update is available for the following: 

  • iPhone 8 and later 
  • iPad Pro (all models) 
  • iPad Air 3rd generation and later 
  • iPad 5th generation and later
  • iPad mini 5th generation and later
You can stay up-to-date about trending CVEs on the SOCRadar Vulnerability Intelligence module.

Since the beginning of the year, Apple has patched up eight actively exploited zero-day weaknesses and one publicly known zero-day vulnerability. 

Apple has stated that it is aware of a report of active exploitation. The company has not published publishes an official proof-of-concept (PoC)

Apple has not recommended any workarounds. It is advised to update to the latest iOS version.