American tech giant Apple has rolled out updates for its iOS and iPadOS operating systems to address 20 security vulnerabilities, including a zero-day flaw said to have been actively exploited by hackers.
The bug in question (CVE-2022-42827) is an out-of-bounds write issue that could have been used by a local application to execute arbitrary code with kernel privileges.
Apple hasn’t shared any details on who and when has exploited the vulnerability only noting that it “is aware of a report that this issue may have been actively exploited.”
The latest fix marks the ninth zero-day patched by Apple since the start of the year.
In addition to CVE-2022-42827, the iPhone maker has fixed a bunch of high-risk flaws that allowed remote code execution or could have been used to conduct a man-in-the-middle (MitM) attack.
The vulnerabilities impact iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.