Malicious Audio Hits iOS - ThreatWire
Added 2022-11-03 16:02:38 +0000 UTCApple released a slew of updates to their line of products and software, some of which were actively exploited in the wild. iPadOS and iOS received a patch to fix a zero day which is ID’ed as CVE-2022-42827, is an out of bounds write issue within the kernel, allowing an attacker to execute arbitrary code with escalated privileges. The problem was disclosed by an anonymous researcher and very few technical details are known.
We do know this affects all models of iPad Pros, iPad Air 3rd gen, iPad 5th gen, iPad mini 5th gen, and iPhone 8 and later models of the above. Apple updated their patch to be backported to even more versions of their OS’s after the initial release, to later include iPhone 6s, iPad Air 2, ipad 5th gen, ipad mini 4th gen, and ipod touch 7th gen. The advisory was also updated to reflect the newly discovered issues, now to include iOS 15.7.1 and iPadOS 15.7.1.
Other zero days were also fixed in this newest update, 19 total, which affect a variety of firmware including the kernel, webkit, bluetooth, IOkit, sandbox, and more. The full list contained within the security update for iOS 16.1 and iPadOS 16 include some interesting new disclosures:
Researchers discovered: an issue with audio which could allow an attacker to craft an audio file that could lead to information disclosure; a issue in Core Bluetooth in which an attacker could record audio using a pair of connected Airpods; many issues that could allow an attacker to execute code with kernel privileges; and a Sandbox issue in which an app could access user sensitive data. The full list is disclosed in their update documentation.
LINKS:
https://thehackernews.com/2022/10/apple-releases-patch-for-new-actively.html
https://support.apple.com/en-us/HT213489
![Murasaki [ムラサキ]](https://xaiju.com/istorage/44954.jpg)
