Apple has released a security update to fix a zero-day vulnerability (CVE-2022-42856) in their products. This vulnerability is reportedly being actively exploited.
The vulnerability affects WebKit, a browser engine that powers Safari and other apps. Successful exploitation of the vulnerability could allow malicious code to run on affected products.
The vulnerability affects the following products:
- iPhone 5s
- iPhone 6
- iPhone 6 Plus
- iPhone 6s (all models)
- iPhone 7 (all models)
- iPhone SE (1st generation)
- iPad Pro (all models)
- iPad Air
- iPad Air 2 and later
- iPad 5th generation and later
- iPad mini 2
- iPad mini 3
- iPad mini 4 and later
- iPod touch (6th generation)
- iPod touch (7th generation)
Users of affected products are advised to upgrade to the latest versions immediately.
Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.
More information is available at:
https://support.apple.com/en-bn/HT213537
https://www.bleepingcomputer.com/news/apple/apple-fixes-new-webkit-zero-day-used-in-attacks-against-iphones/