It has been reported that tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827, has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Apple has been tight-lipped about the vulnerability, but any zero-day should be cause for concern, especially if it’s being exploited in the wild. If an attacker is able to write out of bounds, they could cause system crashes or execute arbitrary code in the kernel, which has high-level privileges. A lack of bounds checking commonly leads to buffer overflow attacks and off-by-one errors.