
The flaw affected Apple’s WebKit browser engine, a mandatory tool for all third-party browsers available for iOS.
Apple described the vulnerability, tracked as CVE-2022-42856, as a “confusion issue” that affected WebKit, a web rendering engine Apple requires browser developers to use.
The tech giant claims that due to the bug, processing “maliciously crafted” content could lead to arbitrary code execution.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1,” the company said.
The disclosure confirms that the iOS 16.1.2 update, released on November 30, fixed the issue with WebKit. WebKit exploits are triggered when users visit malicious domains in their browser. Threat actors can combine WebKit bugs with other flaws to breach targeted devices.
Clément Lecigne of Google’s Threat Analysis Group (TAG) is credited with discovering the bug affecting Apple devices. TAG often focuses on investigating state-sponsored hackers and spyware.
The latest zero-day flaw is the tenth Apple has had to deal with this year. The company addressed two flaws each in January (CVE-2022-22587, CVE-2022-22594) and March (CVE-2022-22674, CVE-2022-22675), and one each in February (CVE-2022-22620), May (CVE-2022-22675), August (CVE-2022-32894), September (CVE-2022-32917) and October (CVE-2022-42827).
Recently, researchers discovered Apple’s zero-day vulnerability being traded on the dark web. A few days after the initial vulnerability was exposed, the researchers found a post in which a hacker offered a new zero-day around the same CVE-2022-32893 for €2.5 million.