Apple Zero-Day Vulnerability Dec 13

In today’s SensCy Cyber Alert, your SensCy team urges Apple product users to install the new updates immediately. The new update remediate a zero-day vulnerability in the iOS and iPad iOS that has been exploited in the wild.

This new zero-day, identifier CVE-2022-42856, is is a type confusion issue in Apple’s Webkit web browser browsing engine. This would allow an individual to maliciously create some web content to perform arbitrary code execution on a vulnerable device.

Apple said in its Tuesday disclosure that it is aware that the vulnerability was exploited “against versions of iOS released before iOS 15.1,” which was released in October 2021. For those who have not yet updated to iOS 16.2, Apple also released iOS and iPadOS 15.7.2 to fix the WebKit vulnerability for users using Phones 6s and later and some iPad models.

What is a zero-day vulnerability?

In cybersecurity, a zero-day vulnerability refers to a vulnerability in a system or device that has been disclosed but not yet patched. The vulnerability was discovered before
developers and security researchers were aware of it and could provide a patch/update.

How to check for new updates:

SensCy highly recommends turning on the Automatic Update on all Apple devices and products.

On your iPhone/iPad, go to the Settings App, scroll down to General, Click Software Update, Turn on Automatic Updates, and Download iOS 16.2

If you need additional information, use these Apple links: iPhone/ iPad: macOS