Security News > 2023 > January > Apple delivers belated zero-day patch for iOS v12 (CVE-2022-42856)

Apple delivers belated zero-day patch for iOS v12 (CVE-2022-42856)
2023-01-24 11:05

Apple has released security updates for macOS, iOS, iPadOS and watchOS, patching - among other things - a type confusion flaw in the WebKit component that could be exploited for remote code execution on older iPhones and iPads running iOS v12.

"Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1," the company said.

CVE-2022-42856 was a zero-day vulnerability flagged by Clément Lecigne of Google's Threat Analysis Group and was patched by Apple in November and December 2022 in the iOS 16 and 15 branches, respectively.

Apple still has not shared details of the attacks leveraging this vulnerability.

Advanced Data Protection for iCloud and Security Keys for Apple ID, two security features announced and partially rolled out for testing by Apple late last year, have also been included in this latest macOS Ventura update.

Advanced Data Protection for iCloud expands end-to-end encryption to more data categories in iCloud, and Security Keys for Apple ID adds the necessary support so users can use physical security keys as their second authentication factor.


News URL

https://www.helpnetsecurity.com/2023/01/24/cve-2022-42856-ios-v12/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-12-15 CVE-2022-42856 Type Confusion vulnerability in Apple products
A type confusion issue was addressed with improved state handling.
network
low complexity
apple CWE-843
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349