Apple on Monday patched a high-severity zero-day vulnerability that gives attackers the ability to remotely execute malicious code that runs with the highest privileges inside the operating system kernel of fully up-to-date iPhones and iPads.
In an advisory, Apple said that CVE-2022-42827, as the vulnerability is tracked, “may have been actively exploited,” using a phrase that’s industry jargon for indicating a previously unknown vulnerability is being exploited. The memory corruption flaw is the result of an “out-of-bounds write,” meaning Apple software was placing code or data outside a protected buffer. Hackers often exploit such vulnerabilities so they can funnel malicious code into sensitive regions of an OS and then cause it to execute.
The vulnerability was reported by an “anonymous researcher,” Apple said, without elaborating.