According to cybersecurity firm Sophos, threat actors could take advantage of the WebKit vulnerability, tracked as CVE-2022-42856, to execute code on affected devices and spread malware. Apple had already released a patch to fix the vulnerability on newer devices in December 2022. The iOS 12.5.7 update is now available for iPhone 5s, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and sixth-gen iPods.
Zero-Day WebKit Vulnerability
The WebKit vulnerability was discovered by Clément Lecigne, a member of Google’s Threat Analysis Group. The bug allowed cybercriminals to implant malware on a user’s device. All the user had to do was view a web page. This, in turn, would execute code on iPhones, iPads, and Macs, allowing attackers to access the operating system, install malicious apps, and hijack the device. The flaw affects Safari and other browsers running on an iPhone. WebKit is a web rendering engine; it is part of the web browsing system of all Apple devices.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1,” the company said on its website without providing further details. Apple released a patch for a similar WebKit vulnerability, dubbed CVE-2022-32893, in August last year. iOS 12 got a patch for the same bug about two weeks after newer versions of Apple’s operating system. Prior to that, the last time iOS 12 received an update was in September 2021.
Keep Your iPhone Safe
We recommend you set your iPhone to receive updates automatically. This ensures you don’t miss important patches. To do this, go to Settings > General > Software Update.
With practically every major iOS and iPadOS update, Apple tends to stop supporting previous-gen products with security updates and new features. This has been the case for the iPhone 6s, 6s Plus, 7, 7 Plus, and SE, which did not receive the iOS 16 update and are now end-of-cycle.
Although Apple’s mobile operating system is considered more secure than Android, it is not immune to vulnerabilities. In April 2020, an ethical hacker found multiple security flaws in Apple’s Safari browser. And in September 2021, Apple said a critical vulnerability affecting its Safari browser was being exploited. Later, in October 2021, a privilege escalation zero-day threatened the security of iPhones and iPads.