Apple just launched the iOS and iPadOS 15.4.1 update, a small patch that addresses a battery drain issue and a zero-day vulnerability. Users should update immediately to patch the vulnerability, as Apple has evidence that it’s been exploited by hackers.
According to Apple’s security update release notes, the zero-day vulnerability allows hackers to execute arbitrary code with kernel privileges through an app. It seems that some hackers figured out how to bypass Apple’s “bounds checking,” which it uses to ensure that apps don’t run malicious code.
An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
In addition to the security patch, this update should fix battery performance issues that were introduced with the 15.4 update. Several users reported battery drain after installing the last update, though it seems that the battery drain problem only affects some users.
The zero-day vulnerability, called CVE-2022-22675, affects all iPhone and iPad models running iOS or iPadOS 15. Again, you should update immediately to patch the problem.