Apple Patches Vulnerability Being “Actively Exploited” in iPhones

iOS and iPadOS users have been advised to update their devices as soon as possible.

Apple has just released a security update that fixes a serious vulnerability in devices running iOS and iPadOS, one which the company says “may have been actively used in attacks”.

Using password managers and other cybersecurity tools can reduce your vulnerability to some types of cyberattacks, but this news is a sobering reminder that we’re reliant on companies like Apple, Microsoft, and Google to ensure the systems we’re using are safe and watertight.

We advise taking this opportunity to ensure your iPhone, iPad and other Apple products affected by the vulnerability are fully up to date.

What is the Security Flaw That Apple has Patched?

The flaw, which was uncovered by Clément Lecigne of Google's Threat Analysis Group, meant that “processing maliciously crafted web content could lead to arbitrary code execution.”

“Arbitrary code execution” is a function included in many malware programs. Malware containing this function can execute specific, malicious commands within an infected operating system.

The bug – tracked as (CVE-2022-42856) – is a “confusion issue” relating to Apple’s Webkit. Apple revealed that the company is aware of reports that the vulnerability “may have been actively exploited against versions of iOS released before iOS 15.1.”

Apple's patch is available for iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Apple Tight-Lipped on Exploit Information

Apple kept its security bulletin that detailed this vulnerability short and concise – but that’s almost certainly by design.

Delaying the full details of exactly how the patch has been fixed – as well as more specific information on how it has been actively exploited – will give users vital time to update and patch their iPhones and iPads before malicious actors develop new workarounds.

This is often how zero-day exploits are handled. “Zero day” is a term given to exploits and vulnerabilities previously unknown to the developers of a given software program (in this case, Apple) – as well as other interested parties – at the time of discovery.

Update Your iOS Device Today

This is the tenth zero-day vulnerability Apple has patched this year and, as always, it’s really important that you install any updates currently available for your Apple devices.

Updating the software you use as quickly as you can greatly decreases the chance you may fall victim to threat actors exploiting software vulnerabilities, whatever device or operating system you’re using.

However, this is just one attack vector that hackers and scammers use to target unsuspecting victims – humans are just as likely to create their own vulnerabilities by using weak passwords, for instance.

This means staying on top of software updates isn’t enough – using tools like password managers to create sufficiently long and unique passwords is just as crucial to protecting yourself as any software update. Make sure you're covering all your bases.

Written by:

Aaron Drapkin is a Senior Writer at Tech.co. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol five years ago. As a writer, Aaron takes a special interest in VPNs, cybersecurity, and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, Cybernews, and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, ProPrivacy, The Week, and Politics.co.uk covering a wide range of topics.

Explore More See all news
close Building a Website? We've tested and rated Wix as the best website builder you can choose – try it yourself for free Try Wix today