Apple has patched a zero-day vulnerability in the iOS kernel that has been actively exploited in the wild. The fix comes as part of iOS 16.1, which Apple released on Monday, along with major security updates for macOS Monterey, Ventura, and Big Sur.
The iOS flaw is an out-of-bounds write in the kernel and it affects iPhone 8 and later, all models of the iPad Pro, iPad Air 3rd generation and later, and the iPad and iPad Mini 5th generation and later. As is typical with Apple advisories, the company did not provide any further details about the nature of the exploitation in the wild or how widespread it is. The upshot of the vulnerability is that a remote attacker may be able to gain code execution on the target device.
This is the fourth actively exploited vulnerability in iOS that Apple has fixed this year. In September the company patched another kernel vulnerability that was also under active attack.
In addition to the actively exploited kernel flaw, Apple also released fixes for 12 other bugs in iOS that can lead to arbitrary code execution.
There is also a major security update for macOS Ventura that includes patches for more than 100 separate vulnerabilities. A large portion of these bugs are in third-party components of macOS, including the Vim text editor, which had 40 individual bugs that Apple fixed by updating the version of Vim included in the OS.
Apple fixed three bugs each in macOS Big Sur and Monterey, one of which can lead to arbitrary code execution.