Following the Monday rollout of iOS 16.1 addressing a zero-day flaw, Apple is now offering the same security fix to older devices with the release of iOS 15.7.1.
The update, available for iPhone 6s and later, some older iPad models and even the last iPod touch ever produced by Apple, addresses a plurality of vulnerabilities, chiefly a zero-day flaw said to be actively exploited by threat actors.
Tracked as CVE-2022-42827 in the infosec community, the bug stems from an out-of-bounds write issue in the operating system’s underlying kernel code. Properly exploited, it can let an attacker execute code of their choosing for any desired effect – i.e. steal data or run malware.
The bug, discovered and reported to Cupertino by an anonymous researcher, is believed to have already been used in attacks.
“Apple is aware of a report that this issue may have been actively exploited,” reads the advisory.
CVE-2022-42827 is the ninth zero-day vulnerability discovered and patched in iOS so far this year.
16 other security flaws are addressed in iOS 15.7.1, making it imperative for users of older iDevices to deploy this patch ASAP.
While most attacks on Apple smartphones are highly-targeted, Bitdefender strongly recommends to use the latest iOS version at all times.
To update your iPhone or iPad, simply visit the Settings menu, choose General -> Software Update -> Download and Install.
The release of iOS 15.7.1 marks the third time this year Apple rolls out an out-of-band patch for older iPhones and iPads addressing a zero-day vulnerability that hackers are said to be actively exploiting.
In August, Apple released iOS 12.5.6 for devices as old as the iPhone 5S to address a zero-day that could be exploited remotely by getting the victim to access a malicious website - a one-click affair that could theoretically let a hacker completely take over the target device. In March, iOS 15.4.1 was issued to owners of older-generation devices under similar circumstances.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsDecember 19, 2024
November 14, 2024