
Apple Patches Zero-Day Vulnerability In iOS 16.1

Apple recently released an update for its iOS smartphone operating system that also fixed an actively exploited zero-day vulnerability. The bug should be fixed after updating to iOS 16.1.2.

As Apple has now announced after some delay, the bug was in the WebKit browser engine, which is responsible for rendering numerous graphical interfaces. It was found by security researchers from the Threat Analysis Group at Google, who primarily look for security gaps that can be used to attack state organizations.

The bug has existed for a long time and also affects the remaining users of older iPhones that do not get the latest update. This applies to the iPhone 6S, among others. iOS 15.7.2 was provided for these devices; it essentially only fixes this vulnerability.

Waiting time raises questions

The bug is listed in the databases as CVE-2022-42856 or WebKit 247562. It's not clear why Apple withheld details of the bug for two weeks. The company probably wanted to wait until the fix had reached as many users as possible, which, however, makes only limited sense in the case of a problem that is already being actively exploited, since the information in question has obviously been circulating in relevant circles for a long time.

On the other hand, the delay would be useful if, for example, there is only one piece of malware that is attacking specific users in a very targeted manner. Then it could at least prevent run-of-the-mill criminals from becoming aware of the vulnerability too quickly and promptly carrying out larger-scale attacks.

In any case, it is advisable not to delay the system update any longer, even on iPads, especially since Apple has now also released iOS 16.2, which also significantly improves security in other critical areas with new end-to-end encryption for data in iCloud.