Apple with a hole in it

iPhone zero-day. Update your devices now!

It’s time to update your Apple devices to ward off a zero-day threat discovered by an anonymous researcher.

As is customary for Apple, the advisory revealing this attack is somewhat threadbare, and doesn’t reveal a lot of information with regard to what’s happening, but if you own an iPad or iPhone you’ll want to get yourself on the latest version.

The zero-day is being used out in the wild, and Apple holding back the specifics may be enough to slow down the risk of multiple threat actors taking advantage of the issue, known as CVE-2022-42827. However, Apple’s lack of detail means it’s not possible to explain what to watch out for if you think your device may have been compromised.

The vulnerability affects the kernel code, the core of the software that operates the device. It can be abused to run remote code execution attacks, which can lead to issues like crashing and / or data corruption. According to Apple, the issue impacts:

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later

At time of writing, there is very little you can do other than fire up your Apple product and make your way to the updates section. There is no reason to panic, but no need to delay either.

How to update your device

It’s entirely possible that your device is already set to update automatically. If so, then you shouldn’t have to worry about this one: Your device will do it all for you. If not, and your device is on the list above, don’t worry. The route to updating your iPhone or iPad is very standard across the board, no matter which specific flavour you happen to be running:

  1. Plug into a power source and enable Wi-Fi

  2. Select Settings > General, and then Software Update.

  3. Select your desired update(s) and begin the install process.

Automatic updates can be applied like so:

  1. Settings > General > Software Update

  2. Select Automatic Updates, and then enable Download iOS Updates

  3. Turn on Install iOS Updates.

Finally, for Rapid Security Response updates (which ensures important security fixes are applied as soon as possible):

  1. Settings > General > Software Update

  2. Select Automatic Updates

  3. Enable the Security Responses & System Files option

There have been numerous publicly documented zero-day attacks aimed at Apple products this year. While most of these tend to be quite targeted and specific, there is absolutely no harm in getting into the habit of updating. It doesn’t just help to protect you from issues such as the one above, but many other potentially less serious issues too.

Update 11/2/22:

The updates which address the above issue are iOS 15.7.1 and iPadOS 15.7.1.

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.