On Monday Apple released a patch for a zero-day flaw that’s been actively exploited.
Tracked as CVE-2022-42827, the flaw is described as follows: "An out-of-bounds write issue was addressed with improved bounds checking." In an out-of-bounds write vulnerability, the software writes data past the end, or before the beginning, of the intended buffer, which can result in the corruption of data, a crash, or code execution.
Apple didn’t go into further details about the flaw other than acknowledging it is “aware of a report that the issue may have been actively exploited”.
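To make the bug class and the "improved bounds checking" remedy concrete, here is an added C illustration. It is not Apple's code and not a reconstruction of CVE-2022-42827, whose details are unpublished; the `record` layout, function names and test cases are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16                 /* constructed size for this example */

struct record {                    /* hypothetical layout */
    uint8_t  data[BUF_LEN];
    uint32_t guard;                /* stands in for adjacent memory */
};

/* Unchecked: trusts off and len, so either can push the copy outside data[]. */
void write_unchecked(struct record *r, ptrdiff_t off, const uint8_t *src, size_t len)
{
    memcpy(r->data + off, src, len);
}

/* Checked: returns 0 on success, -1 if any byte would land outside data[]. */
int write_checked(struct record *r, ptrdiff_t off, const uint8_t *src, size_t len)
{
    if (off < 0 || (size_t)off > sizeof r->data)
        return -1;                 /* starts before the beginning or past the end */
    if (len > sizeof r->data - (size_t)off)
        return -1;                 /* subtraction form cannot wrap like off + len */
    memcpy(r->data + off, src, len);
    return 0;
}

/* Runs constructed cases; returns how many were rejected, or -1 if guard changed. */
int count_rejected(void)
{
    static const struct { ptrdiff_t off; size_t len; } cases[] = {
        {0, 16}, {8, 8}, {16, 0},               /* fit exactly: accepted */
        {8, 9}, {-1, 1}, {17, 0}, {4, SIZE_MAX} /* out of bounds: rejected */
    };
    static uint8_t src[BUF_LEN];   /* zero-filled constructed input */
    struct record r = { {0}, 0xA5A5A5A5u };
    int rejected = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        if (write_checked(&r, cases[i].off, src, cases[i].len) != 0)
            rejected++;
    return r.guard == 0xA5A5A5A5u ? rejected : -1;
}

int main(void)
{
    printf("rejected %d of 7 writes\n", count_rejected());
    return 0;
}
```

The length test is written as a subtraction from the remaining space because the naive `off + len > BUF_LEN` wraps around for very large `len` and would let the write through.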
Apple also fixed a few other issues with this patch.
- CVE-2022-42808 – A remote user may be able to cause kernel code execution
- CVE-2022-42829 – An app with root privileges may be able to execute arbitrary code with kernel privileges
- CVE-2022-42830 – An app with root privileges may be able to execute arbitrary code with kernel privileges
- CVE-2022-42799 – Visiting a malicious website may lead to user interface spoofing
- CVE-2022-42823 – Processing maliciously crafted web content may lead to arbitrary code execution