Apple is fixing an exposed bug and exploit that affects most iPhones
Apple said a software update released for iPhone smartphones two weeks ago fixes a disclosed security vulnerability that was said to have been exploited.
Apple released iOS 16.1.2 on November 30 for all supported iPhones, that is, iPhone 8 and later. The new version came with an important but unspecified security update from the company.
On its Security Updates page, Apple announced that the update fixes a bug in WebKit, the browser engine that powers Safari and other apps. Hackers can exploit the bug to run malicious code on devices.
According to Apple, Google's Threat Analysis team, which investigates spyware, hacking and state-sponsored cyberattacks, discovered the vulnerability in the WebKit engine.
WebKit vulnerabilities are commonly exploited when users visit malicious domains in their browsers or browse pages in other applications. Hackers attempt to exploit vulnerabilities in browser engines to compromise operating systems and private user data. WebKit vulnerabilities can be combined with other vulnerabilities to penetrate a device's multiple layers of defence.
Apple said that it was aware of the vulnerability in iOS versions earlier than 15.1, which was released in October 2021. For users who have not yet updated to iOS 16, the company has also released iOS 15.7.2 and iPadOS updates, which fix the WebKit vulnerability on iPhone 6s and later and some iPad tablet models.
The vulnerability is now tracked as CVE-2022-42856 or WebKit 247562. It's unclear why Apple hid details of the bug for two weeks.
It is also worth noting that a couple of days ago, Apple released iOS 16.2, which, among other things, includes end-to-end encryption of data in iCloud backups.