Apple has just released a security update that fixes a serious vulnerability in devices running iOS and iPadOS, one which the company says “may have been actively used in attacks”.
Using password managers and other cybersecurity tools can reduce your vulnerability to some types of cyberattacks, but this news is a sobering reminder that we’re reliant on companies like Apple, Microsoft, and Google to ensure the systems we’re using are safe and watertight.
We advise taking this opportunity to ensure your iPhone, iPad and other Apple products affected by the vulnerability are fully up to date.
What is the Security Flaw That Apple has Patched?
The flaw, which was uncovered by Clément Lecigne of Google's Threat Analysis Group, meant that “processing maliciously crafted web content could lead to arbitrary code execution.”
“Arbitrary code execution” is a capability that many malware programs rely on: it lets an attacker execute specific, malicious commands of their choosing within an affected operating system.
The bug – tracked as CVE-2022-42856 – is a “confusion issue” relating to Apple’s WebKit. Apple said it is aware of reports that the vulnerability “may have been actively exploited against versions of iOS released before iOS 15.1.”
Apple's patch is available for iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Apple Tight-Lipped on Exploit Information
Apple kept the security bulletin detailing this vulnerability brief – but that’s almost certainly by design.
Withholding the full details of exactly how the vulnerability has been fixed – as well as more specific information on how it has been actively exploited – will give users vital time to update and patch their iPhones and iPads before malicious actors develop new workarounds.
This is often how zero-day exploits are handled. “Zero day” is a term given to exploits and vulnerabilities previously unknown to the developers of a given software program (in this case, Apple) – as well as other interested parties – at the time of discovery.
Update Your iOS Device Today
This is the tenth zero-day vulnerability Apple has patched this year and, as always, it’s really important that you install any updates currently available for your Apple devices.
Updating the software you use as quickly as you can greatly decreases the chance you may fall victim to threat actors exploiting software vulnerabilities, whatever device or operating system you’re using.
However, this is just one attack vector that hackers and scammers use to target unsuspecting victims – humans are just as likely to create their own vulnerabilities by using weak passwords, for instance.
This means staying on top of software updates isn’t enough – using tools like password managers to create sufficiently long and unique passwords is just as crucial to protecting yourself as any software update. Make sure you're covering all your bases.