Apple is rolling out the first major incremental update for iOS 16 users, delivering not just extra oomph and squashed bugs, but also a good dose of security fixes – including a fix for a critical flaw that hackers are said to be exploiting in the wild.
iOS 16.1 targets iPhone 8 and newer models, as well as most iPad models in circulation. A total of 19 vulnerabilities are addressed in the update, including a particularly nasty flaw that can be exploited to take over the device.
Tracked as CVE-2022-42827, the bug was submitted by an anonymous researcher who found that a threat actor can exploit a Kernel weakness and “execute arbitrary code with kernel privileges.”
Apple tersely describes the flaw as an “out-of-bounds write issue,” which iOS 16.1 patches with improved bounds checking. The Cupertino-based tech giant holds back granular technicalities to keep aspiring hackers from using that knowledge against iOS users.
Yet Apple does make it clear that some malicious minds have become well acquainted with the flaw and are likely using it against people in the real world.
“Apple is aware of a report that this issue may have been actively exploited,” the company states in the advisory.
Another kernel flaw addressed in this release, tracked as CVE-2022-42808, could theoretically be chained to the previous one to gain complete remote access to the victim’s phone.
“A remote user may be able to cause kernel code execution,” reads the description.
While iOS attacks are generally precisely targeted – and indeed very rare, compared to other ecosystems – they are typically very dangerous, compromising critical figures like government officials, journalists, activists, dissidents, academics, and business people.
Apple has addressed nine zero-day flaws so far this year.
In addition to iOS 16.1, Apple this week deployed individual security fixes for three macOS versions, including older versions still supported officially by the company. Individual updates are also available for Apple TV and Apple Watch users.
Bitdefender strongly encourages Apple customers to always use the newest OS version eligible for their device to ensure the latest security patches are applied.
To update your iPhone or iPad, go to Settings -> General -> Software Update, and choose Download and Install.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsDecember 24, 2024
December 19, 2024
November 14, 2024