Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability


Jan 24, 2023Ravie LakshmananMobile Security / 0-Day Attack

Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation.

The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content.

While it was originally addressed by the company on November 30, 2022, as part of iOS 16.1.2 update, the patch was expanded to a broader set of Apple devices with iOS 15.7.2, iPadOS 15.7.2, macOS Ventura 13.1, tvOS 16.2, and Safari 16.2.

“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1,” the iPhone maker said in an advisory published Monday.

To that end, the latest update, iOS 12.5.7, is available for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).

Clément Lecigne of Google’s Threat Analysis Group (TAG) has been credited with discovering the vulnerability, although exact specifics surrounding the exploitation attempts in the wild are currently unknown.

The update comes as Apple released iOS 16.3, iPadOS 16.3, macOS Ventura 13.2, watchOS 9.3, and Safari 16.3 to remediate a long list of security flaws, including two bugs in WebKit that could lead to code execution.

macOS Ventura 13.2 also plugs two denial-of-service vulnerabilities in ImageIO and Safari, alongside three flaws in the Kernel that could be abused to leak sensitive information , determine its memory layout, and execute rogue code with elevated privileges.

It’s not all bug fixes, though. The updates also bring with them the ability to use hardware security keys to lock down Apple IDs for phishing-resistant two-factor authentication. They also expand the availability of Advanced Data Protection outside of the U.S.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Global Action “Dismantles” Hive Ransomware Group
Hybrid play: Leveling the playing field in online video gaming and beyond
Why your data is more valuable than you may realize
Gootkit Malware Continues to Evolve with New Components and Obfuscations
Multiple Vulnerabilities Found In Healthcare Software OpenEMR

Leave a Reply

Your email address will not be published. Required fields are marked *