CVE-2022-42827
Published 2022-11-01
Priority P1 · 82 · high · CVSS 3.1: 7.8
Vector: AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
KEV · ITW
CISA Known Exploited Vulnerability, due 2022-11-15
Exploited in the wild
EPSS: 1.14% (62.5th percentile)
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_15.7.1_and_ipados | — | — |
| apple | ios_16.1_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 16.1 | 16.1 |
| apple | ios_and_ipados | >= unspecified < 15.7 | 15.7 |
| apple | ipados | < 15.7.1 | 15.7.1 |
| apple | iphone_os | < 15.7.1 | 15.7.1 |
| apple | iphone_os | >= 16.0 < 16.1 | 16.1 |
Detection & IOCs (extracted from sources)
- CVE-2022-42827 is an out-of-bounds write in the iOS/iPadOS Kernel exploitable via an attacker-controlled app to achieve kernel code execution; monitor for suspicious app-level processes attempting kernel privilege escalation on iOS 15.x/16.x devices prior to patched versions.
- This is the third consecutive Kernel out-of-bounds memory vulnerability patched by Apple; correlate with prior in-the-wild exploitation of sibling CVEs CVE-2022-32894 and CVE-2022-32917 to identify threat actor patterns targeting Apple kernel memory.
- Apple confirmed active exploitation in the wild; treat any unpatched iOS/iPadOS device (pre-iOS 15.7.1 / pre-iOS 16.1 / pre-iPadOS 16) as actively at risk and prioritize detection of kernel-privilege anomalies on those versions.
- CISA mandated remediation by 2022-11-15; use MDM/EDM telemetry to identify unpatched Apple iOS and iPadOS endpoints still running vulnerable versions as a detection/triage signal.
- The vulnerability is in the Kernel component; exploitation requires delivery via an attacker-controlled application, meaning the initial attack vector is app-layer (not network-facing), limiting network-based detection opportunities.
- No public exploit code, malware samples, hashes, C2 infrastructure, or specific attacker tooling were disclosed in any of the sources; IOC-based detection is not currently possible from available intelligence.
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |
Apple
CVE-2022-42827: iOS 15.7.1 and iPadOS 15.7.1
vendor_apple·2022-10-27·CVSS 7.8
CVE-2022-42827 [HIGH] CVE-2022-42827: iOS 15.7.1 and iPadOS 15.7.1
Apple Security Update: About the security content of iOS 15.7.1 and iPadOS 15.7.1
Product: iOS 15.7.1 and iPadOS
Version: 15.7.1
CVE: CVE-2022-42827
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CISA
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
cisa·2022-10-25·CVSS 7.8
CVE-2022-42827 [HIGH] CWE-20 Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
Vulnerability: Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
Affected: Apple iOS and iPadOS
Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges.
Required Action: Apply updates per vendor instructions.
Notes: https://support.apple.com/en-us/HT213489; https://nvd.nist.gov/vuln/detail/CVE-2022-42827
Remediation Due Date: 2022-11-15
Apple
CVE-2022-42827: iOS 16.1 and iPadOS 16
vendor_apple·2022-10-24·CVSS 7.8
CVE-2022-42827 [HIGH] CVE-2022-42827: iOS 16.1 and iPadOS 16
Apple Security Update: About the security content of iOS 16.1 and iPadOS 16
Product: iOS 16.1 and iPadOS
Version: 16
CVE: CVE-2022-42827
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
GHSA
GHSA-4pr5-h4qv-336x: An out-of-bounds write issue was addressed with improved bounds checking
ghsa_unreviewed·2022-11-02
CVE-2022-42827 [HIGH] CWE-787 GHSA-4pr5-h4qv-336x: An out-of-bounds write issue was addressed with improved bounds checking
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
VulnCheck
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
vulncheck·2022·CVSS 7.8
CVE-2022-42827 [HIGH] CWE-20 Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges.
Affected: Apple iOS and iPadOS
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://support.apple.com/kb/HT213489; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://support.apple.com/kb/HT213490; https://raw.githubusercontent.com/blackorbird/APT_REPORT/master/summary/2023/360_APT_Annual_Research_Report_2022.pdf
Remediation Due: 2022-11-15
No detection rules found.
No public exploits indexed.
Tenable
Mind the Gap: A Closer Look at Eight Notable CVEs from 2022
blogs_tenable·2023-05-09
Talos
Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?
blogs_talos·2022-10-27
Welcome to this week’s edition of the Threat Source newsletter.
There are plenty of jokes about whether we’re “aware” of cybersecurity during National Cybersecurity Awareness Month. But now I’m wondering if people are aware of supply chain attacks.
I thought we hit the pinnacle of supply chain attacks in 2020 with the SolarWinds attack, when these types of attacks dominated headlines and defenders started shouting from the mountaintops about how important it is to be ready for supply chain attacks.
And then Kaseya came along a few months later when attackers found a different way to deploy malicious updates that were disguised as legitimate patches.
And still today, we’re warning about the dangers of how prevalent supply chain attacks are and how everyone needs to be ready for this att
Timeline
- 2022-11-01: Published
- 2022-10-25: Added to CISA KEV
- Exploited in the wild