January 24, 2023 | Ravie Lakshmanan | Mobile Security / 0-Day Attack

Apple has backported patches for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation.

The issue, identified as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could lead to the execution of arbitrary code when parsing maliciously crafted web content.

Although initially addressed by the company on November 30, 2022, as part of the iOS 16.1.2 update, the fix has been extended to a wider set of Apple devices with iOS 15.7.2, iPadOS 15.7.2, macOS Ventura 13.1, tvOS 16.2 and Safari 16.2.

“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released prior to iOS 15.1,” the iPhone maker said in a notice on Monday.

To that end, the latest update, iOS 12.5.7, is available for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).

Clément Lecigne of Google’s Threat Analysis Group (TAG) was credited with discovering the vulnerability, although the exact details surrounding the in-the-wild exploitation attempts are currently unknown.

The update comes as Apple released iOS 16.3, iPadOS 16.3, macOS Ventura 13.2, watchOS 9.3 and Safari 16.3 to fix a long list of security flaws, including two bugs in WebKit that could lead to code execution.

macOS Ventura 13.2 also fixes two denial-of-service vulnerabilities in ImageIO and Safari, as well as three flaws in the kernel that could be exploited to leak sensitive information, determine the kernel's memory layout, and execute malicious code with elevated privileges.

These aren’t all bug fixes, however. The updates also bring the ability to use hardware security keys to lock down Apple IDs for phishing-resistant two-factor authentication, and they expand the availability of Advanced Data Protection outside of the United States.
