⚠ Actively exploited
Added to CISA KEV on 2022-10-25. Federal agencies required to patch by 2022-11-15. Required action: Apply updates per vendor instructions..

CVE-2022-42827Out-of-bounds Write in Apple IOS AND Ipados

CWE-787Out-of-bounds WriteCWE-20Improper Input Validation9 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 62.38%
CISA KEV
KEV
Added 2022-10-25
Due 2022-11-15
Exploit
Exploited in wild
Active exploitation observed
Affected products
5
Apple IOS AND IpadosApple IpadosApple Iphone OS+2 more
Timeline
KEV addedOct 25
PublishedNov 1
KEV dueNov 15
Latest updateMay 9
CISA Required Action: Apply updates per vendor instructions.

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDapple/ipados< 15.7.1
CVEListV5apple/ios_and_ipadosunspecified16.1+1
NVDapple/iphone_os16.016.1+1

🔴Vulnerability Details

2
GHSA
GHSA-4pr5-h4qv-336x: An out-of-bounds write issue was addressed with improved bounds checking2022-11-02
VulnCheck
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability2022

📋Vendor Advisories

3
Apple
CVE-2022-42827: iOS 15.7.1 and iPadOS 15.7.12022-10-27
CISA
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability2022-10-25
Apple
CVE-2022-42827: iOS 16.1 and iPadOS 162022-10-24

🕵️Threat Intelligence

3
Tenable
Mind the Gap: A Closer Look at Eight Notable CVEs from 20222023-05-09
Talos
Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?2022-10-27
Talos
Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?2022-10-27