Apple remediates zero-day vulnerability utilised in attacks against iPhones & iPads

Target Industry

Indiscriminate, opportunistic targeting.

Overview

Severity level: High – Successful exploitation yields code execution in the kernel, so a compromise can result in the loss of confidentiality and integrity of all data on the device in the first instance, and of availability, since the kernel controls the whole device.

Apple has released a number of security patches, including one for a zero-day vulnerability found to be under active exploitation against iPhone and iPad devices. Successful exploitation allows a threat actor to execute arbitrary code with kernel-level privileges. Apple describes the flaw as an “out-of-bounds write issue” in the kernel, a form of buffer overflow in which data is written past the end of the memory region it was meant for, and states that it was addressed with improved bounds checking.

This vulnerability is being tracked as CVE-2022-42827.

Impact

Exploitation of CVE-2022-42827 requires an application already installed and running on the device: a malicious or compromised app can use the flaw to execute code in the kernel, the highest level of privilege available on affected devices. Because the kernel mediates every security control on the device, successful exploitation could give a threat actor full control of the device, including access to data belonging to other apps, without the user being aware of the compromise.
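Apple has not published the details of the affected kernel code, so the following is a generic illustration added to this bulletin, not Apple's code and not the actual bug: it shows the two usual shapes of an out-of-bounds write in a kernel-style handler (an unchecked index and an unchecked copy length supplied by an application) next to their bounds-checked counterparts. The `struct channel` layout, the field names and the `SLOT_COUNT`/`NAME_MAX` sizes are all hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_COUNT 8
#define NAME_MAX   16

/* Hypothetical kernel object (illustrative layout, not Apple's).
 * A fixed-size table and name buffer sit directly in front of a
 * field the kernel trusts, so any write past them corrupts state
 * the calling application was never allowed to touch. */
struct channel {
    uint32_t slot[SLOT_COUNT];
    char     name[NAME_MAX];
    uint32_t privileged;   /* 1 = caller treated as privileged */
};

/* VULNERABLE pattern 1: an index from userspace is used unchecked.
 * idx >= SLOT_COUNT writes outside slot[] (out-of-bounds write). */
void channel_set_slot_vuln(struct channel *c, uint32_t idx, uint32_t val)
{
    c->slot[idx] = val;
}

/* VULNERABLE pattern 2: a length from userspace is used unchecked.
 * len > NAME_MAX overflows name[] (the classic buffer overflow). */
void channel_set_name_vuln(struct channel *c, const char *src, size_t len)
{
    memcpy(c->name, src, len);
}

/* HARDENED: validate the untrusted index before the write.
 * Returns 0 on success, -1 when the index is rejected. */
int channel_set_slot(struct channel *c, uint32_t idx, uint32_t val)
{
    if (idx >= SLOT_COUNT)
        return -1;          /* reject; nothing is written */
    c->slot[idx] = val;
    return 0;
}

/* HARDENED: reject an oversized length before copying.
 * Returns 0 on success, -1 when the length is rejected. */
int channel_set_name(struct channel *c, const char *src, size_t len)
{
    if (len >= NAME_MAX)    /* leave room for the terminator */
        return -1;
    memcpy(c->name, src, len);
    c->name[len] = '\0';
    return 0;
}

/* Feed the hardened handlers an out-of-range index and an oversized
 * name (constructed attacker inputs) and confirm both are refused and
 * the trusted field is untouched. Returns 1 on that outcome, else 0. */
int hardened_rejects_oob(void)
{
    struct channel c;
    char big[64];
    memset(&c, 0, sizeof c);
    memset(big, 'A', sizeof big);
    int r1 = channel_set_slot(&c, SLOT_COUNT, 1);   /* one past the end */
    int r2 = channel_set_name(&c, big, sizeof big); /* 64 > NAME_MAX   */
    return r1 == -1 && r2 == -1 && c.privileged == 0;
}

/* Confirm the hardened handlers still accept in-range input.
 * Returns 1 when slot 3 holds 7 and the name was copied, else 0. */
int hardened_accepts_valid(void)
{
    struct channel c;
    memset(&c, 0, sizeof c);
    int r1 = channel_set_slot(&c, 3, 7);
    int r2 = channel_set_name(&c, "ok", 2);
    return r1 == 0 && r2 == 0 && c.slot[3] == 7 && strcmp(c.name, "ok") == 0;
}

int main(void)
{
    printf("hardened handlers reject OOB input: %s\n",
           hardened_rejects_oob() ? "yes" : "no");
    printf("hardened handlers accept valid input: %s\n",
           hardened_accepts_valid() ? "yes" : "no");
    return 0;
}
```

The vulnerable functions are kept only for comparison and are never called with out-of-range input here, since doing so is undefined behaviour; the point is that both fixed versions check the untrusted value before any memory is written, which is what "improved bounds checking" in a kernel fix amounts to.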

Vulnerability Detection

A device is vulnerable if it is one of the models listed under Affected Products and is running a version earlier than iOS 16.1 (iPhone) or iPadOS 16 (iPad). The installed version can be read on the device under Settings > General > About, or collected at scale from a mobile device management (MDM) inventory, and compared against those fixed releases.
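A version comparison of the kind described above, added here as an example and not part of the original bulletin or any Apple tooling. It parses `major.minor.patch` strings, applies the fixed releases named in this bulletin (iOS 16.1 for iPhone, iPadOS 16 for iPad), and counts the vulnerable records in a small constructed `platform,version` inventory; the inventory lines and the field format are assumptions standing in for a real MDM export.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Parse "major.minor[.patch]" into three ints; missing parts are 0.
 * Returns 0 on success, -1 if the string is not a version. */
static int parse_version(const char *s, int out[3])
{
    const char *p = s;
    int n = 0;
    out[0] = out[1] = out[2] = 0;
    while (n < 3) {
        char *end;
        long v = strtol(p, &end, 10);
        if (end == p || v < 0)
            return -1;                /* no digits where expected */
        out[n++] = (int)v;
        if (*end == '\0')
            return 0;
        if (*end != '.')
            return -1;
        p = end + 1;
    }
    return -1;                        /* more than three components */
}

/* Compare a parsed version with major.minor: <0, 0 or >0 like strcmp. */
static int cmp_version(const int v[3], int maj, int min)
{
    if (v[0] != maj) return v[0] - maj;
    if (v[1] != min) return v[1] - min;
    return 0;
}

/* Fixed releases per the advisory: iOS 16.1 (iPhone), iPadOS 16 (iPad).
 * Returns 1 if vulnerable, 0 if patched, -1 if the record is not an
 * iPhone/iPad or the version string cannot be parsed. */
int device_vulnerable(const char *platform, const char *version)
{
    int v[3];
    if (parse_version(version, v) != 0)
        return -1;
    if (strcmp(platform, "iPhone") == 0)
        return cmp_version(v, 16, 1) < 0;
    if (strcmp(platform, "iPad") == 0)
        return cmp_version(v, 16, 0) < 0;
    return -1;
}

/* Constructed MDM-style inventory (sample data, not a real export):
 * one "platform,version" record per line. */
static const char *const INVENTORY[] = {
    "iPhone,16.0.3",
    "iPhone,16.1",
    "iPad,15.7.1",
    "iPad,16.1",
    "iPhone,15.7",
    "Mac,13.0",
};

/* Walk the inventory and count records still on a vulnerable build. */
int count_vulnerable(void)
{
    int vulnerable = 0;
    for (size_t i = 0; i < sizeof INVENTORY / sizeof INVENTORY[0]; i++) {
        char platform[16], version[32];
        if (sscanf(INVENTORY[i], "%15[^,],%31s", platform, version) != 2)
            continue;                 /* malformed record; skip */
        if (device_vulnerable(platform, version) == 1) {
            printf("needs update: %s %s\n", platform, version);
            vulnerable++;
        }
    }
    return vulnerable;
}

int main(void)
{
    printf("%d vulnerable device(s)\n", count_vulnerable());
    return 0;
}
```

The check only compares OS versions; it must be applied together with the model list under Affected Products, and a record that cannot be parsed is reported as unknown (-1) rather than silently treated as patched.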

Affected Products

Software versions prior to iOS 16.1 (iPhone) and iPadOS 16 (iPad) are susceptible to this vulnerability. The vulnerability affects the following Apple iPhone and iPad models:

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later

Containment, Mitigations & Remediations

To prevent exploitation of this vulnerability, iPhones must be updated to iOS 16.1 and iPads to iPadOS 16. This can be achieved by performing the following steps on the device:

  1. Navigate to “Settings”
  2. Select “General”
  3. Select “Software Update”
  4. Upgrade to iOS 16.1 (iPhone) / iPadOS 16 (iPad)

Indicators of Compromise

Apple has not released any indicators of compromise for this vulnerability.

Threat Landscape

Apple holds approximately a 48% share of the smartphone market. Threat actors generally weigh the probability of success against the value of the asset when deciding which attack surfaces to spend their time on, and a platform with that reach is therefore a prime target. Because smartphones and tablets have become integral to both personal and business affairs, threat actors will continue to exploit vulnerabilities in these devices in an attempt to extract the sensitive information they hold.

CISA has added CVE-2022-42827 to its Known Exploited Vulnerabilities (KEV) catalogue.

Threat Group

No threat actor has been publicly attributed to the exploitation of this vulnerability.

Mitre Methodologies

T1068 – Exploitation for Privilege Escalation (Mobile ATT&CK equivalent: T1404 – Exploitation for Privilege Escalation)

Note: CVE-2022-42827 is triggered by an application already running on the device rather than over the network, so T1210 (Exploitation of Remote Services) and T1190 (Exploit Public-Facing Application) do not describe this exploit path. They would apply only to whatever separate vector delivered the malicious application to the device, which has not been disclosed.

Further Information

Apple Security Release Notes

CVE-2022-42827

CISA Known Exploited Vulnerabilities Catalog

Bleeping Computer Article

Sophos Article

Intelligence Terminology Yardstick