An article from the current Malwarebytes News letter that concerns Apple iPhone users

NEWS

iPhone zero-day. Update your devices now!

Posted: October 26, 2022 by Christopher Boyd

It’s time to update your Apple devices to ward off a zero-day threat discovered by an anonymous researcher.

As is customary for Apple, the advisory revealing this attack is somewhat threadbare, and doesn’t reveal a lot of information with regard to what’s happening, but if you own an iPad or iPhone you’ll want to get yourself on the latest version.

The zero-day is being used out in the wild, and Apple holding back the specifics may be enough to slow down the risk of multiple threat actors taking advantage of the issue, known as CVE-2022-42827. However, Apple’s lack of detail means it’s not possible to explain what to watch out for if you think your device may have been compromised.

The vulnerability affects the kernel code, the core of the software that operates the device. It can be abused to run remote code execution attacks, which can lead to issues like crashing and / or data corruption. According to Apple, the issue impacts:

• iPhone 8 and later
• iPad Pro (all models)
• iPad Air 3rd generation and later
• iPad 5th generation and later
• iPad mini 5th generation and later

At time of writing, there is very little you can do other than fire up your Apple product and make your way to the updates section. There is no reason to panic, but no need to delay either.

How to update your device

It’s entirely possible that your device is already set to update automatically. If so, then you shouldn’t have to worry about this one: Your device will do it all for you. If not, and your device is on the list above, don’t worry. The route to updating your iPhone or iPad is very standard across the board, no matter which specific flavour you happen to be running:

1. Plug into a power source and enable Wi-Fi
2. Select Settings > General, and then Software Update.
3. Select your desired update(s) and begin the install process.

Automatic updates can be applied like so:

1. Settings > General > Software Update
2. Select Automatic Updates, and then enable Download iOS Updates
3. Turn on Install iOS Updates.

Finally, for Rapid Security Response updates (which ensures important security fixes are applied as soon as possible):

1. Settings > General > Software Update
2. Select Automatic Updates
3. Enable the Security Responses & System Files option

There have been numerous publicly documented zero-day attacks aimed at Apple products this year. While most of these tend to be quite targeted and specific, there is absolutely no harm in getting into the habit of updating. It doesn’t just help to protect you from issues such as the one above, but many other potentially less serious issues too.

Stay safe out there!

Thanks for the advice. I do worry though.

Of interest neither my iPad or iPhone (model 8) had downloaded or advised on either device despite auto update and install being enabled. I often get a little message to say the device could not download or install an update because the device was not plugged into power or charging. None for this suggested update.

Mobile data is also enabled on the iPhone. Although it’s not necessarily a reliable connection from the bedside at night.

They probably will when there is more bandwidth available at Apple. Just manually check for an update and you should be offered:

15.6.1 ⇒ 15.7.1 (600 MB or so)
or
15.6.1 ⇒ 16.1 (2 to 3 GB)

assuming that your phone was up to date beforehand.

Yes, I don’t know what the battery percentage threshold is but generally … before doing an update always be within reach of a charger and a power point.

Also, likely you will want to disable this particular update via mobile data (depending on what plan you are on). (You can leave mobile data itself enabled.)

Thank you. Already done and both devices have updated. Also the wise ones devices. No issue with not being up with the previous version, although IOS 16 was also showing as available. I gather 16 is a voluntary rather the automatic update.

It actually asked before proceeding whether we wanted to use mobile data or the home broadband service. I’ve also noted that behaviour on previous updates. It’s a little frustrating that each device downloads it’s own package 2.6GB total for 4 devices. We spend enough time away to have a generous shared data limit. Not needed for this update this time. Less of an issue of away for a few days. More so if for weeks. I’m not a fan of free wifi anything, (VPN excepted).

It seems to be.

Yes. If you planned to go out and couldn’t wait for the download to finish and your mobile data plan has enough capacity then you could say “yes”, otherwise “no”.

Yes. I hear you. I’ve done two phones so far. (One of the benefits of the Linux world is that there is a documented, clean, easy way of avoiding that problem i.e. local repository i.e. download once and then each computer updates from the local server.)

Commenting on my own comment, yesterday one phone went down 40% on the battery indicator in the course of the gruelling 3 GB update. So that gives an indication of why iOS will refuse to commence an update unless either there is a high state of charge or the phone is on mains power. (It may depend on the age of the phone i.e. the condition of the battery. This particular phone is relatively mature.)