Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?


Mobile & Wireless

Apple Patches Zero-Day Vulnerability Exploited Against iPhones

Apple on Tuesday published 10 new advisories describing vulnerabilities affecting its products, including a zero-day that has been exploited against iPhone users.

Apple on Tuesday published 10 new advisories describing vulnerabilities affecting its products, including a zero-day that has been exploited against iPhone users.

Apple announced on November 30 that an advisory for iOS 16.1.2 would be released in the coming days. The advisory was published two weeks later, on Patch Tuesday, and it’s unclear why the tech giant waited for so long to make the information public.

According to the company, the flaw, tracked as CVE-2022-42856, is a type confusion affecting the WebKit browser engine. An attacker can exploit the vulnerability for arbitrary code execution by getting the targeted user to access a specially crafted website.

“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1,” the company said in its advisory.

Clément Lecigne of Google’s Threat Analysis Group has been credited for reporting the vulnerability to Apple. While no information has been released about the attacks leveraging CVE-2022-42856, Google typically tracks exploits used by sophisticated state-sponsored threat actors or commercial spyware vendors.

While it appears that CVE-2022-42856 has only been used against iPhone users, Apple has also patched the vulnerability with the release of macOS Ventura 13.1, tvOS 16.2, and Safari 16.2. iOS and iPadOS 15.7.2 also include fixes for the bug.

macOS Ventura 13.1 patches a total of 36 vulnerabilities that can lead to arbitrary code execution, sensitive information disclosure, security bypass, spoofing, or a denial-of-service (DoS) condition. macOS Big Sur 11.7.2 resolves 10 vulnerabilities, and macOS Monterey 12.6.2 fixes over a dozen issues.

A total of 35 flaws have been fixed with the release of iOS and iPadOS 16.2, and 17 security holes with the release of iOS and iPadOS 15.7.2.

Advertisement. Scroll to continue reading.

WatchOS 9.2 addresses 25 vulnerabilities, and tvOS 16.2 addresses 28 issues. Since these operating systems are based on iOS, most of these are flaws shared among all operating systems.

Safari 16.2 patches 10 flaws and iCloud for Windows 14.1 fixes three issues — all affecting WebKit.

Additional information is available on Apple’s security updates page

Related: Apple Fixes Exploited Zero-Day With iOS 16.1 Patch

Related: Apple Patches ‘Actively Exploited’ iOS Security Flaw

Related: iOS 12 Update for Older iPhones Patches Exploited Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights