Apple releases patch for iPhone and iPad 0-day reported by anonymous source

by
Dan Goodin
from Ars Technica - All content on (#65480)
zeroday-800x534.jpg

Enlarge (credit: Getty Images)

Apple on Monday patched a high-severity zero-day vulnerability that gives attackers the ability to remotely execute malicious code that runs with the highest privileges inside the operating system kernel of fully up-to-date iPhones and iPads.

In an advisory, Apple said that CVE-2022-42827, as the vulnerability is tracked, may have been actively exploited," using a phrase that's industry jargon for indicating a previously unknown vulnerability is being exploited. The memory corruption flaw is the result of an out-of-bounds write," meaning Apple software was placing code or data outside a protected buffer. Hackers often exploit such vulnerabilities so they can funnel malicious code into sensitive regions of an OS and then cause it to execute.

The vulnerability was reported by an anonymous researcher," Apple said, without elaborating.

Read 5 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments