Apple Patches iOS and macOS Against Newly Exploited WebKit Flaw

As 2022 draws to a close, Apple is sending its customers an important set of security updates, addressing dozens of vulnerabilities in a plethora of products – including a zero-day flaw that hackers are said to be exploiting in iOS.

As many Apple fans should already know, the Cupertino-based company in November rolled out a seemingly minor and unimportant update to iPhone 8 and newer models, refraining from disclosing the actual purpose of the patch, saying only that “details will be available soon.”

Today, the advisory is adorned with an actual CVE and a small description revealing that iOS 16.1.2 closes a serious security hole – one that threat actors may have exploited.

Tracked as CVE-2022-42856, the issue resides in WebKit, the rendering engine apps use to display web content not just on iOS but also on macOS.

A type confusion issue could be exploited to feed “maliciously crafted web content” to the target device, enabling threat actors to run arbitrary code and potentially run malware or steal data.

“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1,” according to the advisory.

The researcher credited with the bug’s discovery is Clément Lecigne of Google's Threat Analysis Group.

iOS 15.7.2 and iPadOS 15.7.2 address this nasty zero-day flaw on older-generation devices, including iPhone 6s, iPhone 7, iPhone SE, most recent iPads and even the seventh-gen iPod touch.

Apple TV users are also affected, with Apple addressing the issue in tvOS 16.2. Finally, the flaw is also addressed in standalone updates to Safari for macOS Big Sur and macOS Monterey, as well as in macOS Ventura 13.1.

Apple is addressing dozens more security issues in a range of products, all listed on this page.

iPhone and iPad users are also treated to a brand new point-update, iOS 16.2, which not only deals with security but also includes a number of new features and improvements. To update your iDevice, go to Settings ->General->Software Update, and choose Download and Install.