Vulnerabilities are inevitable, regardless of how careful the company is. Even the biggest tech names such as Apple might slip up. In fact, the company has been rolling out updates to remediate zero-day flaws since the beginning of 2022. And now, a ninth vulnerability has surfaced in iOS and iPadOS and it’s being actively exploited in the wild.
Yes, Apple had a year full of vulnerabilities, and now, it’s dealing with CVE-2022-42827 – a flaw that can cause a lot of damage and disruption to iPhones and iPads’ functionalities.
You might be asking: What is flaw all about? How dangerous can it be if an outside entity decides to exploit it in malicious activities? Here’s everything we know.
CVE-2022-42827 – Apple Vulnerability IX
Exploiting vulnerabilities has become an excellent method for cybercriminals to infiltrate their victims’ devices. With a name like Apple, you can expect millions to be impacted, provided an attack occurs.
As we mentioned, flaws and bugs are bound to happen – that’s why we get updates every now and then. The problem lies with vulnerabilities that are too complicated to patch up.
A lot of companies are still suffering from the Log4Shell flaw until now. There are a lot of practices cybercriminals can perform if a vulnerability happens to be exploited.
In Apple’s case, the CVE-2022-42827 weakness reflects an out-of-bounds write issue in the Kernel. If cybercriminals manage to exploit it, this could result in the corruption of data, a crash, or the execution of unauthorized code.
How Apple’s 2022 Has Been!
This is Apple’s ninth vulnerability this year. You can check the CVEs out below in case you missed out on any (The company fixed all the vulnerabilities in respective update patches):
- 2022-22587 (IOMobileFrameBuffer) – Threat actors can use malicious apps that allow code execution.
- 2022-22594 (WebKit Storage) – Allows certain websites to track sensitive user information.
- 2022-22620 (WebKit) – Cybercriminals might be able to execute arbitrary code.
- 2022-22674 (Intel Graphics Driver) – Allows select applications to read kernel memory.
- 2022-22675 (AppleAVD) – Applications can execute arbitrary code with kernel privileges.
- 2022-32893 (WebKit) – Arbitrary code execution via processing malicious content.
- 2022-32894 (Kernel) – Arbitrary code execution with kernel privileges via certain applications.
- 2022-32917 (Kernel) – Allows arbitrary code execution with the use of specific software.
Apple addressed the issue following a tip by an anonymous security researcher. Now, it has released an update that targets the iPad Pro (all models), iPad Air 3rd generation+, iPhone 8+, iPad mini 5th generation+, and iPad 5th generation+.
According to Apple, it didn’t release the update just to fix the vulnerability. In fact, this patch also solves 19 other security bugs.
That includes two flaws in WebKit, three in Point-to-Point Protocol (PPP), Core Bluetooth, IOKit, and Sandbox, as well as two in Kernel.
An Apple Vulnerability – 9th Time’s a Charm
2022 has been a busy year for Apple, with a total of 9 vulnerabilities so far. Fortunately, the company found out about them instantly and released the necessary updates to avoid any outside interference.
We all know how secure Apple products are. They implement limitations to guarantee the perfect customer online safety. However, any company can slip up, and vulnerabilities are bound to exist.
As long as Apple can disclose the incident and patch it up in time, every one of its customers should be perfectly fine.