{"id":474169,"date":"2022-12-14T11:07:42","date_gmt":"2022-12-14T09:07:42","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=474169"},"modified":"2022-12-14T11:15:56","modified_gmt":"2022-12-14T09:15:56","slug":"apple-fixed-actively-exploited-zero-day-security-flaw-on-iphones","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/474169-apple-fixed-actively-exploited-zero-day-security-flaw-on-iphones.html","title":{"rendered":"Apple fixed actively-exploited iPhone zero-day security flaw"},"content":{"rendered":"<p>Apple recently fixed a zero-day security vulnerability affecting the iPhone 8 and later that the company said was actively exploited, <a href=\"https:\/\/techcrunch.com\/2022\/12\/13\/apple-zero-day-webkit-iphone\/\" target=\"_blank\" rel=\"noopener\"><strong>TechCrunch reports<\/strong><\/a>.<\/p>\n<p>The company rolled out iOS 16.1.2 on 30 November 2022, which it said contained &#8220;important security updates&#8221; without providing any further details.<\/p>\n<p>In a disclosure <a href=\"https:\/\/support.apple.com\/en-us\/HT213516\" target=\"_blank\" rel=\"noopener\"><strong>posted to its website<\/strong><\/a> on Tuesday, 13 December 2022, the company revealed the vulnerability was part of its WebKit browser engine used for Safari and other apps.<\/p>\n<p>When exploited, the flaw could allow for malicious code to run on the target&#8217;s device.<\/p>\n<p>The dangerous payload is typically delivered when a person visits a malicious website in Safari or through an in-app browser that uses WebKit.<\/p>\n<p>Apple said it was aware of the vulnerability being explored against versions of iOS that precede iOS 15.1.<\/p>\n<p>As a result, the company released an update for iOS 15 for those users who had not yet upgraded to iOS 16.<\/p>\n<p>Zero-day flaws refer to vulnerabilities for which the vendor, in this case Apple, is given zero-day&#8217;s notice to fix the flaw.<\/p>\n<p>The vulnerability \u2014 designated CVE-2022-42856 \u2014 was disclosed by Google&#8217;s Threat Analysis Group, which investigates nation-state-supported spyware, cyberattacks, and hacking.<\/p>\n<p>TechCrunch said it was unclear why Apple chose not to include the vulnerability&#8217;s details in its original post about the iOS 16.1.2 update.<\/p>\n<hr \/>\n<h2 class=\"my-4\">Now read: <a href=\"https:\/\/mybroadband.co.za\/news\/security\/473657-huge-security-flaw-lets-attackers-trick-antivirus-software-into-wiping-legitimate-data.html\" rel=\"bookmark\">Huge security flaw let attackers trick antivirus software into wiping legitimate data<\/a><\/h2>\n","protected":false},"excerpt":{"rendered":"<p>Apple rolled out an &#8220;important security update&#8221; two weeks ago, but only recently revealed that this was aimed at fixing a zero-day flaw that was actively exploited. <\/p>\n","protected":false},"author":23,"featured_media":459867,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sma_x_autopost_status":"idle","_sma_x_autopost_error":"","_sma_x_post_id":"","_sma_x_attempts":0,"footnotes":""},"categories":[27],"tags":[605,79304,691,73714,1125,81376],"class_list":["post-474169","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-apple","tag-google-threat-analysis-group","tag-ios","tag-ios-15-1","tag-iphone","tag-zero-day-vulnerability"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/474169"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=474169"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/474169\/revisions"}],"predecessor-version":[{"id":474177,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/474169\/revisions\/474177"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/459867"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=474169"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=474169"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=474169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}