In brief Apple has patched an iOS and iPad OS vulnerability that's already been exploited.
Crediting an anonymous security researcher with reporting the issue, Apple said the problem involves an out-of-bounds write issue – which involves adding data past the end or before the beginning of a buffer. The impacts can bedata corruption, a crash or the chance to execute arbitrary code with kernel privileges.
Apple issued patches for iOS 16.1 and iPad OS 16, to address this and 19 other vulnerabilities. Six of the flaws involved the kernel. Others hit Core Bluetooth, graphics and GPU drivers, or the iOS Sandbox.
Apple's security notice for the patches didn't provide many details on the nature of the already-exploited flaw - we're in the dark as to the nature of the vulnerability, the extent of exploitation, or who may have been attacking the flaw.
Looking over the patch notes, one may notice a list of people credited with notifying Apple of such vulnerabilities. Many of them may have been motivated by Apple's upgraded bug bounty program, which the company said has awarded nearly $20 million to researchers since being launched two and a half years ago.
"To our knowledge, this makes Apple Security Bounty the fastest-growing bounty program in industry history," Apple bragged in a statement, in which it also announced the debut of an Apple Security Research website.
The new site will serve as a way for security researchers working on Apple vulnerabilities to communicate with Cuper ..
Support the originator by clicking the read the rest link below.
