Apple recently backported a fix for a critical security flaw affecting older devices, citing evidence of active exploitation.
This issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that allows arbitrary code execution when processing maliciously crafted web content.
Initially addressed by the company as part of the iOS 16.1.2 update on November 30, 2022, the patch will be released to a wider range of Apple devices with iOS 15.7.2, iPadOS 15.7.2, macOS Ventura 13.1 and tvOS. was extended to 16.2, and Safari 16.2.
“Apple is aware of reports that this issue may have been actively exploited against versions of iOS released prior to iOS 15.1,” the iPhone maker said in an advisory published Monday. said in Li.
So you can take advantage of the latest update iOS 12.5.7 for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3 and iPod touch (6th generation).
Clément Lecigne of Google’s Threat Analysis Group (TAG) is credited with discovering the vulnerability, but the exact details of the actual exploitation attempt are currently unknown.
With this update, Apple released iOS 16.3, iPadOS 16.3, macOS Ventura 13.2, watchOS 9.3, and Safari 16.3 with a long list of security flaws, including two bugs in WebKit that could lead to code execution. provided to repair the
macOS Ventura 13.2 also plugs in two denial of service vulnerabilities in ImageIO and Safari. It also plugs in, in addition to his three flaws in the kernel that can be exploited to leak sensitive information, identify memory layouts, and execute unauthorized code with elevated privileges.
Not all bug fixes though. This update also adds the ability to lock your Apple ID with a hardware security key for phishing-resistant two-factor authentication.It also expands the availability of advanced data protection outside the United States