Apple has backported fixes for a just lately disclosed critical security flaw influencing older devices, citing evidence of active exploitation.
The issue, tracked as CVE-2022-42856, is a style confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content material.
When it was originally tackled by the company on November 30, 2022, as component of iOS 16.1.2 update, the patch was expanded to a broader established of Apple devices with iOS 15.7.2, iPadOS 15.7.2, macOS Ventura 13.1, tvOS 16.2, and Safari 16.2.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
“Apple is aware of a report that this issue could have been actively exploited in opposition to versions of iOS released just before iOS 15.1,” the iPhone maker reported in an advisory posted Monday.
To that close, the newest update, iOS 12.5.7, is accessible for iPhone 5s, iPhone 6, iPhone 6 Additionally, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th technology).
Clément Lecigne of Google’s Threat Assessment Team (TAG) has been credited with identifying the vulnerability, although correct particulars encompassing the exploitation tries in the wild are presently unknown.
The update comes as Apple released iOS 16.3, iPadOS 16.3, macOS Ventura 13.2, watchOS 9.3, and Safari 16.3 to remediate a prolonged record of security flaws, including two bugs in WebKit that could lead to code execution.
macOS Ventura 13.2 also plugs two denial-of-provider vulnerabilities in ImageIO and Safari, alongside a few flaws in the Kernel that could be abused to leak sensitive information and facts , decide its memory format, and execute rogue code with elevated privileges.
It truly is not all bug fixes, though. The updates also convey with them the capability to use hardware security keys to lock down Apple IDs for phishing-resistant two-factor authentication. They also increase the availability of State-of-the-art Details Safety outside the house of the U.S.
Discovered this article attention-grabbing? Adhere to us on Twitter and LinkedIn to read a lot more exceptional content we publish.
Some sections of this posting are sourced from:
thehackernews.com