Apple releases IOS and iPadOS patches for an actively exploited zero-day vulnerability.

On Monday Apple released a patch for a zero-day flaw that’s been actively exploited.

Tracking as CVE-2022-42827 described An out-of-bounds write issue was addressed with improved bounds checking. In the out-of-bounds write vulnerability, the software writes data past the end, or before the beginning, of the intended buffer, which can result in the corruption of data, a crash, or code execution.

Apple didn’t go into further details about the flaw other than acknowledging its “aware of a report that the issue may have been actively exploited“.

Apple also fixed a few other issues with this patch.

• CVE-2022-42808 – A remote user may be able to cause kernel code execution
• CVE-2022-42829 – An app with root privileges may be able to execute arbitrary code with kernel privileges
• CVE-2022-42830 – An app with root privileges may be able to execute arbitrary code with kernel privileges
• CVE-2022-42799 – Visiting a malicious website may lead to user interface spoofing
• CVE-2022-42823 – Processing maliciously crafted web content may lead to arbitrary code execution