A new flaw zero day is fixed in the latest iOS security update. Discovered by cybersecurity researchers, it was confirmed by Apple on Tuesday, December 13, 2022. According to the count of Bleeping Computerit would be the tenth vulnerability discovered since the beginning of the year on the operating system of the apple brand.
Affected iPad, iPhone and iPod
The CVE-2022-42856 flaw was unearthed by Clément Lecigne, a specialist in Google’s Threat Analysis Group, in charge of discovering cyber-vulnerabilities. Specifically, this is an error of kind in the development of the source code of the WebKit framework, used by Safari and many apps to browse the web. Exploiting it could lead an attacker to remotely execute code on a victim’s device and gradually take control of the system.
According to Apple, this flaw may have been “actively exploited” on versions prior to iOS 15.1 (released October 2021). In detail, the vulnerability could be patched on all models of iPhone 6s, iPhone 7, iPad Pro, iPad Air 2 and later, and iPad mini 4. The first generation iPhone SE, the fifth generation iPad are also affected. generation and later; finally, the seventh generation iPod touch. The fixes for this bug have also been applied to macOS Ventura 13.1, tvOS 16.2, Safari 16.2, iOS and iPadOS 15.7.2, specifies the specialized site Security Week.
Regularly targeted safari
No information was provided by Apple on potential attacks carried out before the security update. A common procedure that allows time for users and professionals to deploy the patch. Regularly, flaws zero day criticisms are discovered on the operating systems of our smartphones. To carry out a complete attack, a hacker often uses several vulnerabilities in a cascade in order to obtain complete control of the device.
According to a report by AtlasVPN published last April, vulnerabilities discovered in Apple software jumped 467% in the second half of 2021. They mainly concern the Safari browser and its internal components. Flaws that affect a considerable amount of devices due to the interoperability of the iOS ecosystem. These problems are corrected very regularly and quickly.
The recent discovery of several flaws zero day on iOS thus demonstrates the absolute necessity of applying updates very early when they arise.