Issued: Wednesday, 26 October, 2022
Last Revision: Wednesday, 26 October, 2022
Vendor:
Product:
Severity Level:
Apple has released a security update to address a zero-day flaw in iOS and iPadOS that has been actively exploited in the wild.
The vulnerability is an out-of-bounds write issue in the kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges.
Successful exploitation of the vulnerability could allow potential attackers to execute arbitrary code with kernel privileges, which can result in data corruption, application crashes, or code execution.
| CVE/Vulnerability | Description | Severity | Exploitable |
| --- | --- | --- | --- |
| CVE-2022-42827 | Out-of-bounds write issue in the kernel | Critical | Yes |
| CVE-2022-42825 | An app may be able to modify protected parts of the file system | Critical | No |
| CVE-2022-28739 | A memory corruption issue was addressed by updating Ruby | Critical | No |
| CVE-2022-32862 | An app with root privileges may be able to access private information | Critical | No |

Table 1: Vulnerability details
| CVE/Vulnerability | Product(s) Detail |
| --- | --- |
| CVE-2022-42827 | Prior to iOS 16.1; prior to iPadOS 16 |
| CVE-2022-42825, CVE-2022-28739, CVE-2022-32862 | macOS Big Sur 11.7.1; macOS Monterey 12.6.1 |
| Multiple | macOS Ventura 13 |

Table 2: Vulnerable versions
Apple recommends updating affected products at the earliest opportunity. For macOS Ventura 13 vulnerability details, please refer to "REFERENCES".
