
Apple Fixes Its Actively Exploited Zero-day Security Vulnerability Affecting Most iPhones

14th December 2022 | posted by Moof IT
  • Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.
  • Apple patches vulnerability being “actively exploited” in iPhones.
  • macOS, iOS and iPadOS users have been advised to update their devices as soon as possible.

Another zero-day security vulnerability

Apple has fixed a zero-day security vulnerability that was actively exploited on most iPhones, in its latest iOS software update.

The flaw, which Clément Lecigne of Google’s Threat Analysis Group uncovered, meant that “processing maliciously crafted web content could lead to arbitrary code execution.”

“Arbitrary code execution” is a capability that many malware programs rely on: it lets malicious code run commands of the attacker’s choosing within an infected operating system.

The bug, tracked as CVE-2022-42856, is a “confusion issue” relating to Apple’s WebKit. Apple revealed that the company is aware of reports that the vulnerability “may have been actively exploited against versions of iOS released before iOS 15.1.”

Apple’s patch is available for macOS, iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

What does it do?

The bug in WebKit’s implementation of a JavaScript API called “IndexedDB” can reveal your recent browsing history and even your identity.

A zero-day vulnerability is a bug in a system or device that has been disclosed but is not yet patched.

Apple has released iOS 16.2, which includes end-to-end encryption for data backed up in iCloud and other new features.

Apple’s secrecy

Apple kept its security bulletin that detailed this vulnerability short and concise – but that’s deliberate.

Delaying the full details of exactly how the vulnerability has been fixed, and more specific information on how it has been actively exploited, gives users vital time to update and patch their Macs, iPhones and iPads before malicious users develop new workarounds. This is often how zero-day exploits are handled.

What should I do?

Update your devices ASAP and make sure none of your data has been compromised. It’s important to make sure that all devices are updated, even the personal Apple devices of your staff members.

Want to be updated on all the latest Apple news? Contact moof IT today to keep your users and devices safe.

