Apple patches everything, finally reveals mystery of iOS 16.1.2
2022-12-14 21:11

Apple has just published a wide range of security fixes for all its supported platforms, from the smallest watch to the biggest laptop.

In other words, if you've got an Apple product, and it's still officially supported, we urge you to do an update check now.

A bug in WebKit, Apple's web rendering engine, known as CVE-2022-42856, apparently showed up in an exploit being used in the wild, and although that bug has now been patched in all the abovementioned updates, it seems that the known exploit only worked on iOS.

Of course, given that the update advisories now explicitly state that the exploit actually only worked "against versions of iOS released before iOS 15.1", we still don't know why iOS 16 users got an update while iOS 15 users didn't.

Perhaps Apple was hoping that some users who were still back on iOS 15, and thus potentially vulnerable, would jump to iOS 16 and get themselves as up-to-date as possible?

Or perhaps the iOS 16.1.2 update was merely a precaution that took less time to push out than it did for Apple to ensure that iOS 16 was not at risk?


News URL

https://nakedsecurity.sophos.com/2022/12/14/apple-patches-everything-finally-reveals-mystery-of-ios-16-1-2/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-15 | CVE-2022-42856 | Type Confusion vulnerability in Apple products. A type confusion issue was addressed with improved state handling. (network, low complexity, apple, CWE-843) | 8.8 |

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Apple | | 72 | 238 | 1567 | 2279 | 265 | 4349 |