Apple fixes exploited vulnerability on older iPhones and iPads
Apple today released a security patch to address a security vulnerability in older iPhones and iPads that could be exploited remotely.
The vulnerability, tracked as CVE-2022-42856, stems from a so-called type confusion vulnerability in the company's web browser engine (WebKit), which powers Safari and other apps.
Apple said that Google's Threat Analysis team, which investigates spyware, hacking and government-sponsored cyberattacks, discovered the vulnerability in the WebKit engine.
Vulnerabilities in browser engines are often exploited when users visit malicious domains in their browsers or browse pages in other applications.
Hackers attempt to exploit vulnerabilities in WebKit to gain access to the operating system and users' private data. Browser engine vulnerabilities can be combined with other vulnerabilities to penetrate a device's multiple layers of defence.
Once this is achieved, arbitrary code execution can allow hackers to execute operating system commands, deliver malware payloads, install spyware, or perform other malicious activities.
In a report released today, Apple said it was aware of reports that the vulnerability "may have been actively exploited." Today, the company fixed the vulnerability in the following devices: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and the sixth-generation iPhone Touch.
Apple has not released any information about the attack reports it has received concerning active exploitation of the vulnerability. The goal of withholding this information is probably to allow as many users as possible to protect their devices before other attackers learn the details of the disclosed vulnerability and launch new attacks against vulnerable iPhones and iPads.