
We finally know why Apple pushed out that emergency 16.1.2 update

Wednesday December 14, 2022. 02:46 PM , from Mac 911
When iOS 16.1.2 arrived on November 30, we weren’t entirely sure why Apple couldn’t wait until iOS 16.2, which was right around the corner. At the time, Apple’s release notes said the update contained improvements to the iPhone 14’s Crash Detection and nondescript carrier upgrades, neither of which seemed very pressing.

But there was a hidden reason for Apple to push out the update when it did. At the time, we knew there was at least one security update, but Apple declined to tell us what it was. As part of the flurry of updates yesterday, Apple disclosed the reason for the updates and it’s a doozy.

The update fixes a zero-day vulnerability in Apple’s WebKit engine for Safari that could allow a hacker to execute arbitrary code on your Mac. The flaw is due to a type confusion issue and was addressed with improved state handling. Apple says it is aware of a report that this issue may have been actively exploited “against versions of iOS released before iOS 15.1.”

The vulnerability (classified as CVE-2022-42856) was found as part of the Bugzilla program by Clément Lecigne of Google’s Threat Analysis Group. According to Bleeping Computer, this is the 10th zero-day vulnerability Apple has fixed in 2022. A zero-day vulnerability is one that was previously unknown to vendors.

It’s not clear why Apple didn’t divulge this bug for two weeks, but it’s one of the few times the company has done so. Apple also disclosed numerous WebKit flaws yesterday as part of the Safari 16.2 release in macOS and iOS.

https://www.macworld.com/article/1435224/16-1-2-update-zero-day-vulnerability-webkit.html