Apple has issued a slew of security updates amid reports that its iOS devices are being actively exploited via a zero-day vulnerability in the kernel.
Because of the out-of-bound write flaw, designated CVE-2022-42827, any iOS application “may be able to execute arbitrary code with kernel privileges,” it warns in a security bulletin.
While Apple says that it “is aware of a report that this issue may have been actively exploited,” it hasn’t attributed such exploits to any specific cybercrime or nation-state group.
Out-of-bounds writing refers to writing data before the beginning or after the end of a buffer. “Typically, this can result in corruption of data, a crash or code execution,” Mitre’s Common Weakness Enumeration website warns.
