CVE-2022-42827

CVSS 7.8 HIGH · EPSS 1.1% · KEV · CWE-787
In short

A flaw in iOS and iPadOS allows an app to write data beyond intended memory boundaries, potentially letting it run malicious code with system-level permissions. This is dangerous because it can give attackers complete control over your device.

Technical detail

An out-of-bounds write vulnerability (CWE-787) in iOS/iPadOS kernel memory handling allows a local application to write beyond allocated buffer boundaries. Exploitation requires a malicious app installed on the device and results in arbitrary code execution with kernel privileges, bypassing normal security protections.

Summary generated and translated by AI from the official description.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Apple · iOS and iPadOS
