Zero-Day Security Vulnerability Fixed

The update, iOS 16.1.2, rolled out on November 30 to all supported iPhones, including iPhone 8 and later, with unspecified “important security updates.” In a disclosure on Apple’s security updates page on Tuesday, the company said the update fixed a flaw in WebKit, the browser engine that powers Safari and other apps. If exploited, the flaw could allow malicious code to run on the person’s device. This kind of bug is called a zero-day because the vendor is given zero days’ notice to fix the vulnerability.

Apple further said that security researchers at Google’s Threat Analysis Group, which investigates nation-state-backed spyware, hacking, and cyberattacks, discovered and reported the WebKit bug. WebKit bugs are often exploited when a user visits a malicious domain in their browser or via an in-app browser. It isn’t uncommon for bad actors to look for vulnerabilities in WebKit as a way into the device’s operating system and the user’s private data. WebKit bugs can also be “chained” with other vulnerabilities, which allows attackers to break through multiple layers of a device’s defenses.

The company said in its Tuesday disclosure that it is aware that the vulnerability was actively exploited “against versions of iOS released before iOS 15.1,” which was released in October 2021. For people who have not yet updated to iOS 16, the company also released iOS and iPadOS 15.7.2 to fix the WebKit vulnerability for users running iPhone 6s and later, together with some iPad models.

The WebKit bug is tracked as CVE-2022-42856, or WebKit 247562. However, it’s not clear why the company withheld details of the bug for two weeks. Neither Apple nor Google returned a request for comment.