Security

Apple Fixes It’s Actively Exploited Zero-day Security Vulnerability Affecting Most iPhones

Moof IT
12.14.2022
Share
  • Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.
  • Apple patches vulnerability being “actively exploited” in iPhones.
  • macOS, iOS and iPadOS users have been advised to update their devices as soon as possible.

Another zero-day security vulnerability

Apple has fixed a zero-day security vulnerability that was actively exploited on most iPhones, in its latest iOS software update.

The flaw, which Clément Lecigne of Google’s Threat Analysis Group uncovered, meant that “processing maliciously crafted web content could lead to arbitrary code execution.”

“Arbitrary code execution” is a function included in many malware programs. Malware containing this function can execute specific, malicious commands within an infected operating system.

The bug – tracked as (CVE-2022-42856) – is a “confusion issue” relating to Apple’s Webkit. Apple revealed that the company is aware of reports that the vulnerability “may have been actively exploited against versions of iOS released before iOS 15.1.”

Apple’s patch is available for macOS, iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

What does it do?

The bug in WebKit’s implementation of a JavaScript API called “IndexedDB” can reveal your recent browsing history and even your identity.

A zero-day vulnerability is a bug in a system or device that has been disclosed but is not yet patched.

Apple has released iOS 16.2, which includes end-to-end encryption for data backed up in iCloud and other new features.

Apple’s secrecy

Apple kept its security bulletin that detailed this vulnerability short and concise – but that’s deliberate.

Delaying the full details of exactly how the patch has been fixed and more specific information on how it has been actively exploited will give users vital time to update and patch their Macs, iPhones and iPads before malicious users develop new workarounds. This is often how zero-day exploits are handled.

What should I do?

Update your devices ASAP and make sure none of your data has been compromised. It’s important to make sure that all devices are updated, even the personal Apple devices of your staff members.

Want to be updated on all the latest Apple news? Contact moof IT today to keep your users and devices safe.

Contact Moof IT to discuss your Mac management needs

  • ISO_27001 logo
  • logo
  • Gcloud logo

Company

Address:
1st Floor, 20 Noel street, London, W1f 8GW
Company Number: 11082827