As 2022 comes to a close, Apple is delivering its customers a significant series of security upgrades that fix hundreds of flaws in numerous products, including a zero-day vulnerability that iOS users are reportedly being exploited by hackers.
As many Apple fans should already be aware, the Cupertino-based corporation released an update to iPhone 8 and subsequent models in November that appeared to be trivial and irrelevant. Apple did not reveal the exact reason for the patch, merely stating that “information will be forthcoming soon.”
The advisory now includes a real CVE and a brief summary indicating that iOS 16.1.2 plugs a significant security hole that threat actors may have used.
The problem, identified as CVE-2022-42856, is in WebKit, the rendering engine that apps utilize to show web content on both iOS and macOS.
By using “maliciously constructed online content” to inject into the target device, a type of confusion flaw might be used by threat actors to execute arbitrary code, possibly malware, or steal data.
According to the alert, “Apple is aware of a report that this problem may have been actively exploited against versions of iOS published before iOS 15.1.”
Google’s Threat Analysis Group researcher Clément Lecigne is credited for finding the problem.
On previous generation devices including the iPhone 6s, iPhone 7, iPhone SE, most current iPads, and even the seventh-generation iPod touch, iOS 15.7.2 and iPadOS 15.7.2 fix this horrible zero-day vulnerability.
Users of Apple TV are also impacted, and tvOS 16.2 by Apple fixes the problem. In addition, standalone upgrades to Safari for macOS Big Sur and macOS Monterey, as well as for macOS Ventura 13.1, fix the issue.
Numerous further security flaws in Apple’s devices are being fixed, and they are all detailed on this page.
iOS 16.2, a brand-new point update for iPhone and iPad owners, not only addresses security but also adds a number of new features and enhancements. Go to Settings -> General -> Software Upgrade and select Download and Install to update your iDevice.