The discovered flaw allows cybercriminals to send users to a malicious site.
Regularly, iPhones fall victim to system errors that can cause one or another danger to the user’s data or to the entire device. Suppose Apple generally quickly deploys a patch to solve the problem. In that case, this nevertheless raises questions about the security of devices that are a priori reliable and safe, according to Tim Cook during the keynotes.
On November 30, Apple patched a flaw called CVE-2022-42856 discovered by a Google analyst. This flaw was mainly found on iPhone 5S, iPhone 6 and 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and 6th generation iPod touch and allowed cybercriminals to encourage the user to go to a malicious site belonging to them to then launch a code enabling, among other things, to deploy malware in the OS.
A flaw not fully corrected…
With iOS 16.1.2, Apple then thought it had fixed the problem once and for all and prevented its customers from being hacked. Problem: The flaw was still exploited by cybercriminals, despite the patch.
“Processing maliciously crafted web content may lead to the execution of arbitrary code. Apple is aware of a report that this issue may have been actively exploited against versions of iOS prior to iOS 15.1,” Apple said on its website.
By publishing iOS 16.1.2, Apple then excluded the oldest devices, including those mentioned above, and incompatible with this version of the OS. This is why it very quickly deployed iOS and iPadOS 15.7.2, macOS Ventura 13.1, tvOS 16.2, and Safari 16.2, which then made it possible to correct the flaw discovered in WebKit.
As Apple recommends, download and install these updates as soon as possible. If you have a newer device, feel free to install the updates, including iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2.