Apple on Monday disclosed and patched a kernel-level zero-day vulnerability affecting many of its iOS devices.
The severity of the flaw is unknown, and the bug was submitted by an anonymous researcher.
The flaw affects the bulk of modern Apple devices:
- iPhone 8 and later
- iPad Pro, all models
- iPad Air 3rd generation and later
- iPad 5th generation and later
- iPad mini 5th generation and later
Since the beginning of the year, Apple has patched up eight actively exploited zero-day weaknesses and one publicly known zero-day vulnerability.
Apple has stated that it is aware of a report of active exploitation. The company has not published publishes an official proof-of-concept (PoC).
CVE-2022-42827 is the latest zero-day disclosed for Apple devices this year. The vendor released emergency patches for two previously exploited bugs in March, and there have been numerous other zero-days affecting Apple products this year alone.
Apple has not recommended any workarounds. It is advised to update to the latest iOS version.