Apple released new updates earlier this week that patch zero-day vulnerabilities in iOS and iPadOS devices. The flaws fixed in the latest updates have reportedly been exploited in the wild by threat actors. One of the flaws is an out-of-bounds write issue in the kernel and could be exploited by rogue applications, leading to arbitrary code execution. Apple was alerted to the fact that this flaw, tracked as CVE-2022-42827, could have been exploited in the wild.
The updates apply to iPhone models 8 and later, iPad Pro, iPad 5th generation and later, iPad Air 3rd generation and later, and iPad mini 5th generation and later. Apple credited an anonymous researcher with discovering the vulnerability. The latest Apple update also patches 19 other security vulnerabilities, all of which could lead to arbitrary code execution. There have been at least eight documented zero-day attacks detected in the wild against Apple devices this year.