October 31, 2022
Entry Type
Security Guidance
Platform(s) Affected
iOS
Threat Type
Vulnerability
Platform(s) Affected
Security Guidance
iOS
Vulnerability
Lookout Coverage and Recommendation for Admins
Lookout provides multilayered protection for devices that are vulnerable through multiple vectors. Lookout admins should set default OS Out of Date policy to have a minimum iOS version of 16.1 for applicable models. They can then choose whether to alert the user that the device is out of compliance or block access to enterprise resources until iOS is updated.
In addition to requiring a minimum OS, admins should enable Lookout Phishing & Content Protection (PCP) to protect mobile users from malicious phishing campaigns that exploit these vulnerabilities to phish credentials or deliver malicious apps to the device.
CISA is requiring all government organizations to update to the patched versions of these apps by November 15th.
Overview
Apple recently released a software update to iOS 16.1 and iPadOS 16 to patch a zero-day kernel vulnerability identified as CVE-2022- 42827, which is reportedly being exploited in the wild. This vulnerability could allow a maliciously crafted application to execute arbitrary code with kernel privileges. The patch is available for iPhone 8 and later, iPad Pro and iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later. Anyone using one of these devices should immediately update their device by going to Settings, General, then Software Update.
Some of the notable vulnerabilities of the 19 patched in this update include:
- CVE-2022-32947, CVE-2022-32940, CVE-2022-32924, CVE-2022-42808, CVE-2022-42827, CVE-2022-42829 - 32, CVE-2022-32922 which are capable of remote code executions that grant privileged access to disclosing kernel memory.
- CVE-2022-42811 and CVE-2022-42824, which could disclose sensitive information via malcrafted webpages.
- CVE-2022-32946 which represents a flaw in the Bluetooth component, which can allow an app to record audio using AirPods
Lookout Analysis
These CVEs could grant a remote user a control over the device by leveraging techniques such as exploitation for privilege escalation (T1404) and drive-by compromise (T1456) found in the MITRE mobile ATT&CK matrix. We strongly suggest that the admins set policies that encourage their users to update their Apple devices to at least version iOS 16.1 and iPadOS 16.0. CVE-2022-42827 has been reported under CISA guidelines making it mandatory for all government agencies to run the security update.
Lookout Coverage and Recommendation for Admins
Lookout provides multilayered protection for devices that are vulnerable through multiple vectors. Lookout admins should set default OS Out of Date policy to have a minimum iOS version of 16.1 for applicable models. They can then choose whether to alert the user that the device is out of compliance or block access to enterprise resources until iOS is updated.
In addition to requiring a minimum OS, admins should enable Lookout Phishing & Content Protection (PCP) to protect mobile users from malicious phishing campaigns that exploit these vulnerabilities to phish credentials or deliver malicious apps to the device.
CISA is requiring all government organizations to update to the patched versions of these apps by November 15th.
Subscribe to get the latest threat reports and insights
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Other Related Threats
September 15, 2023
Scattered Spider
Scattered Spider, aka UNC3944, was able to successfully target and gain access to the infrastructure of Caesars Entertainment in its latest campaign
September 19, 2023
CVE-2023-4863
September 18, 2023