Apple released iOS and iPadOS 16.1 yesterday and there are many new features to enjoy: Live Activities, iCloud Shared Photo Library, Clean Energy Charging, and more. But far more important is a much smaller update that you won’t even notice is there.
iOS 16.1 includes some 20 security updates for a range of applications, but one is particularly concerning. The vulnerability is an “out-of-bounds write issue” in the Kernel that could give an attacker access to your entire machine. Here’s the description of the issue from Apple’s security page:
Kernel
- Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
- Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2022-42827: an anonymous researcher
The CVE entry appears to be only for iOS/iPadOS 16-based iPhones and iPads, and isn’t included in any other update Apple released Monday. However, Apple didn’t push the iOS 15.7.1 update yet due to issues with Face ID in the release candidate, so it’s possible the flaw is still present in devices running iOS 15.7.