Active Exploitation of Zero-day Vulnerability in Apple Products

Published on 14 Dec 2022

Updated on 24 Jan 2023

Apple has released a security update to fix a zero-day vulnerability (CVE-2022-42856) in their products. This vulnerability is reportedly being actively exploited.

The vulnerability affects WebKit, a browser engine that powers Safari and other apps. Successful exploitation of the vulnerability could allow malicious code to run on affected products.

The vulnerability affects the following products:

  • iPhone 5s
  • iPhone 6
  • iPhone 6 Plus
  • iPhone 6s (all models)
  • iPhone 7 (all models)
  • iPhone SE (1st generation)
  • iPad Pro (all models)
  • iPad Air
  • iPad Air 2 and later
  • iPad 5th generation and later
  • iPad mini 2
  • iPad mini 3
  • iPad mini 4 and later
  • iPod touch (6th generation)
  • iPod touch (7th generation)

Users of affected products are advised to upgrade to the latest versions immediately.

Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.

More information is available at:

https://support.apple.com/en-bn/HT213537

https://www.bleepingcomputer.com/news/apple/apple-fixes-new-webkit-zero-day-used-in-attacks-against-iphones/