Three days after Apple rolled out a security update for an actively attacked zero-day vulnerability in iOS, the issue has also been fixed in older iPhones and iPads. Last Monday, Apple released iOS 16.1 and iPadOS 16. With these versions, among other things, CVE-2022-42827 was fixed. A zero-day vulnerability in the iOS kernel that could allow an attacker who already has access to the device to execute code with kernel privileges.
This makes it possible to gain full control over the device. The vulnerability in itself is not sufficient to take over an iPhone or iPad remotely and should be combined with a second vulnerability, for example in a browser or chat app, or via an application that the user installs. However, iOS 16.1 is only available for iPhone 8 and newer.
Last night, Apple released iOS 15.7.1 and iPadOS 15.7.1, protecting older iPhone (iPhone 6 and 7) or iPad owners or those who have not yet upgraded to iOS 16. The update is available through the automatic update function. However, it may take up to a week for the update to install automatically, depending on when the device checks for updates. Users can also install the update manually by going to the update menu or installing it through iTunes.