Apple has confirmed that an iPhone software update it released two weeks ago fixed a zero-day security vulnerability that it now says was actively exploited.
The update, iOS 16.1.2, landed on November 30 and rolled out to all supported iPhones — including iPhone 8 and later — with unspecified “important security updates.”
Security flaw which Apple has patched
The bug, tracked as CVE-2022-42856, is a “confusion issue” relating to Apple’s WebKit. Apple revealed that the company is aware of reports that the vulnerability “may have been actively exploited against versions of iOS released before iOS 15.1.”
The bug was found in WebKit, which is Apple’s web rendering engine.
WebKit is the web browser engine used by Safari, Mail, App Store, and many other apps on macOS, iOS, and Linux.
Apple says the impact of the vulnerability is that processing maliciously crafted web content may lead to arbitrary code execution.
Vulnerable software versions
Apple iOS: 16.1.1 20B101, 16.1 20B82, 16.0.1 20A371 – 16.0.3 20A392, 16.0 20A362
Apple has released iOS 16.2, which includes end-to-end encryption for data backed up in iCloud and other new features.
Updating the software you use as quickly as you can greatly decreases the chance you may fall victim to threat actors exploiting software vulnerabilities, whatever device or operating system you’re using.