
Apple Fixes Actively Exploited iPhone Zero-Day Vulnerability

December 14, 2022

Apple has announced that an iPhone software update released two months ago fixed a zero-day security flaw (tracked as CVE-2022-42856) that had been actively exploited in the wild.

The iOS 16.1.2 patch was released on November 30 and gradually rolled out to all supported iPhones, citing unspecified “crucial security updates.”

Updating its security bulletin on Tuesday, Apple said the patch fixed a flaw in WebKit, the browser engine powering Safari and other iOS applications. If exploited, the vulnerability could allow remote code execution (RCE) on the victim’s device.


“Processing maliciously crafted web content may lead to arbitrary code execution,” the company wrote. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.”

Commenting on the news, Tom Davison, senior director of product sales engineering international at Lookout, said the news of another zero-day vulnerability in iOS should not be surprising.

“We have already seen several examples of this in 2022, with 15.3, 15.6.1, and 16.1 all introducing fixes to critical vulnerabilities alleged to have been exploited in the wild,” Davison told Infosecurity.

“There is a market for these flaws among sophisticated threat actors, and more will undoubtedly be found. Users should configure automatic iOS updates to stay protected.”

More broadly, the executive believes the underlying concerns associated with these flaws lie with business.

“Mobile devices are now an integral part of the employee toolkit. Sensitive data freely flows between the organization and employee phones. It is absolutely vital that enterprises take this into account by including the security and monitoring of mobile devices alongside all other computing endpoints.”

At the same time, according to Travis Biehn, principal security expert at the Synopsys Software Integrity Group, it is good to see private industry coordinating to protect people.

“Apple invests a lot into operating system security, compartmentalization of components, sandboxing, and assessments of WebKit – but it does show you that, for complex software like a web browser written in C++, spending a lot of money on assurance will not keep all the bugs out,” Biehn explained.

“Developers are slowly adopting new languages like Rust and experimenting with sandbox approaches that can further isolate legacy code written in non-memory-safe languages like C and C++.”

The Apple patch comes days after the company released new data protection features focused on protecting users against data theft.


Some parts of this article are sourced from:
www.infosecurity-magazine.com
