Apple fixed actively exploited zero-day bug impacting iPhones

The flaw affected Apple’s WebKit browser engine, a mandatory tool for all third-party browsers available for iOS.

Apple described the vulnerability, tracked as CVE-2022-42856, as a “confusion issue” that affected WebKit, a web rendering engine Apple requires browser developers to use.

The tech giant claims that due to the bug, processing “maliciously crafted” content could lead to arbitrary code execution.

“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1,” the company said.

The disclosure confirms that the iOS 16.1.2 update, released on November 30, fixed the issue with WebKit. WebKit exploits are triggered when users visit malicious domains in their browser. Threat actors can chain WebKit bugs with other flaws to breach targeted devices.

Clément Lecigne of Google’s Threat Analysis Group (TAG) is credited with discovering the bug affecting Apple devices. TAG often focuses on investigating state-sponsored hackers and spyware.

The latest zero-day flaw is the tenth Apple has had to deal with this year. The company addressed two flaws each in January (CVE-2022-22587, CVE-2022-22594) and March (CVE-2022-22674, CVE-2022-22675), and one each in February (CVE-2022-22620), May (CVE-2022-22675), August (CVE-2022-32894), September (CVE-2022-32917) and October (CVE-2022-42827).

Recently, researchers discovered an Apple zero-day vulnerability being traded on the dark web. A few days after the initial vulnerability was exposed, the researchers found a post in which a hacker offered a new zero-day around the same CVE-2022-32893 for €2.5 million.
