On Tuesday, Apple released a patch for iOS, iPados, MacOS, TVS and Safari web browser, which should eliminate the new 0-day vulnerability that can lead to execution of arbitrary code. The gap in the defense received the CVE-2022-42856 identifier and was described by the company as confusion in the WebKit-the browser engine, on which Safari and other applications operate. As experts say, vulnerability could be caused when processing a specially created content and allowed attackers to fulfill an arbitrary code.
According to Apple, CVE-2022-42856 could be actively used before the IOS 15.1 release, but the IT giant is in no hurry to disclose technical details of the attacks. It is worth noting that vulnerability was discovered by competitors of Cupertinists – Google Threat Analysis Group.
The last patch is available for iOS 15.7.2, iPados 15.7.2, MacOS Ventura 13.1, Tvos 16.2 and Safari 16.2. It appeared two weeks after on November 30, 2022, Apple corrected the CVE-2022-42856 in iOS 16.1.2.