Security News > 2022 > December > Apple Patches iPhone Zero-Day
The most recent iPhone update-to version 16.1.2-patches a zero-day vulnerability that "May have been actively exploited against versions of iOS released before iOS 15.1.".
Apple said security researchers at Google's Threat Analysis Group, which investigates nation state-backed spyware, hacking and cyberattacks, discovered and reported the WebKit bug.
WebKit bugs are often exploited when a person visits a malicious domain in their browser.
It's not uncommon for bad actors to find vulnerabilities that target WebKit as a way to break into the device's operating system and the user's private data.
WebKit bugs can be "Chained" to other vulnerabilities to break through multiple layers of a device's defenses.
News URL
https://www.schneier.com/blog/archives/2022/12/apple-patches-iphone-zero-day.html
Related news
- Fraudsters imprisoned for scamming Apple out of 6,000 iPhones (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)