{"id":754,"date":"2022-12-14T09:00:19","date_gmt":"2022-12-14T09:00:19","guid":{"rendered":"https:\/\/cybersecuritynest.com\/?p=754"},"modified":"2022-12-14T09:00:19","modified_gmt":"2022-12-14T09:00:19","slug":"apple-pactches-new-ios-zero-day-used-to-hack-iphones","status":"publish","type":"post","link":"https:\/\/cybersecuritynest.com\/?p=754","title":{"rendered":"Apple pactches new iOS zero-day used to hack iPhones"},"content":{"rendered":"<aside class=\"mashsb-container mashsb-main mashsb-stretched\"><div class=\"mashsb-box\"><div class=\"mashsb-buttons\"><a class=\"mashicon-facebook mash-large mash-center mashsb-noshadow\" href=\"https:\/\/www.facebook.com\/sharer.php?u=https%3A%2F%2Fcybersecuritynest.com%2F%3Fp%3D754\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Share&nbsp;on&nbsp;Facebook<\/span><\/a><a class=\"mashicon-twitter mash-large mash-center mashsb-noshadow\" href=\"https:\/\/twitter.com\/intent\/tweet?text=&amp;url=https:\/\/cybersecuritynest.com\/?p=754&amp;via=CYBERSECNEST\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Tweet&nbsp;on&nbsp;Twitter<\/span><\/a><a class=\"mashicon-subscribe mash-large mash-center mashsb-noshadow\" href=\"#\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Subscribe&nbsp;to&nbsp;Newsletter<\/span><\/a><div class=\"onoffswitch2 mash-large mashsb-noshadow\" style=\"display:none\"><\/div><\/div>\n            <\/div>\n                <div style=\"clear:both\"><\/div><\/aside>\n            <!-- Share buttons by mashshare.net - Version: 4.0.47--><p>Apple has fixed the tenth zero-day vulnerability since the beginning of the year in security updates that were released today. This latest one was actively used in attacks against iPhones.<\/p>\n<p>Apple warned that the flaw &#8220;may have been actively exploited&#8221; against earlier versions in security bulletins released today for iOS\/iPadOS 15.7.2, Safari 16.2, tvOS 16.2, and macOS Ventura 13.1.<\/p>\n<p>The type confusion issue in Apple&#8217;s Webkit web browser browsing engine is the source of the bug (CVE-2022-42856).<\/p>\n<p>Cl\u00e9ment Lecigne of Google&#8217;s Threat Analysis Group discovered the flaw, which made it possible for maliciously crafted web content to execute arbitrary code on a device that was vulnerable.<\/p>\n<p>The malicious site may be able to execute commands in the operating system through arbitrary code execution, spread additional spyware or malware, or carry out other malicious activities.<\/p>\n<p>With improved state handling, Apple addressed the zero-day vulnerability in the iPhone 6s, iPhone 7, iPhone SE (1st generation), iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).<\/p>\n<p>Patch your iPhones, iPads, and macOS Ventura despite Apple&#8217;s admission that threat actors actively exploited the vulnerability, the company has not provided any additional information about the attacks.<\/p>\n<p>Notwithstanding, as the weakness was found by Cl\u00e9ment Lecigne of Google&#8217;s Alarming statement Knowledge Group, we will probably learn more in a future blog entry.<\/p>\n<p>Users are frequently given the opportunity to patch their devices prior to other threat actors analyzing the fixes and developing their own exploits by delaying the disclosure of information.<\/p>\n<p>Even though this zero-day flaw was probably used in very specific attacks, it is still recommended that you install the most recent security updates as soon as you can.<\/p>\n<p>This is the tenth zero-day fixed by Apple since the start of the year:<\/p>\n<ul>\n<li>In October, Apple\u00a0<a href=\"https:\/\/www.bleepingcomputer.com\/news\/apple\/apple-fixes-new-zero-day-used-in-attacks-against-iphones-ipads\/\" target=\"_blank\" rel=\"noopener\">fixed a zero-day<\/a>\u00a0in the iOS Kernel (CVE-2022-42827).<\/li>\n<li>In September, Apple\u00a0<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/apple-fixes-eighth-zero-day-used-to-hack-iphones-and-macs-this-year\/\" target=\"_blank\" rel=\"noopener\">addressed a flaw<\/a>\u00a0in the iOS Kernel (CVE-2022-32917).<\/li>\n<li>In August, it fixed\u00a0<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/apple-security-updates-fix-2-zero-days-used-to-hack-iphones-macs\/\" target=\"_blank\" rel=\"noopener\">two more zero-days<\/a>\u00a0in the iOS Kernel (CVE-2022-32894) and WebKit (CVE-2022-32893)<\/li>\n<li>In March, Apple\u00a0<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/apple-emergency-update-fixes-zero-days-used-to-hack-iphones-macs\/\" target=\"_blank\" rel=\"noopener\">patched two zero-day<\/a>\u00a0in the Intel Graphics Driver (CVE-2022-22674) and AppleAVD (CVE-2022-22675).<\/li>\n<li>In February, Apple released security updates\u00a0<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/apple-patches-new-zero-day-exploited-to-hack-iphones-ipads-macs\/\" target=\"_blank\" rel=\"noopener\">to address another WebKit zero-day bug<\/a>\u00a0exploited to target iPhones, iPads, and Macs.<\/li>\n<li>In January,\u00a0<a href=\"https:\/\/www.bleepingcomputer.com\/news\/apple\/apple-fixes-new-zero-day-exploited-to-hack-macos-ios-devices\/\" target=\"_blank\" rel=\"noopener\">Apple patched another pair of zero-days<\/a> allowing code execution with kernel privileges (CVE-2022-22587) and web browsing activity tracking (CVE-2022-22594).<\/li>\n<\/ul>\n<p>Full details are\u00a0 on apple website below<\/p>\n<p>https:\/\/support.apple.com\/en-us\/HT213531#:~:text=Google%20V8%20Security-,WebKit,-Available%20for%3A%20iPhone<\/p>\n<aside class=\"mashsb-container mashsb-main mashsb-stretched\"><div class=\"mashsb-box\"><div class=\"mashsb-buttons\"><a class=\"mashicon-facebook mash-large mash-center mashsb-noshadow\" href=\"https:\/\/www.facebook.com\/sharer.php?u=https%3A%2F%2Fcybersecuritynest.com%2F%3Fp%3D754\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Share&nbsp;on&nbsp;Facebook<\/span><\/a><a class=\"mashicon-twitter mash-large mash-center mashsb-noshadow\" href=\"https:\/\/twitter.com\/intent\/tweet?text=&amp;url=https:\/\/cybersecuritynest.com\/?p=754&amp;via=CYBERSECNEST\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Tweet&nbsp;on&nbsp;Twitter<\/span><\/a><a class=\"mashicon-subscribe mash-large mash-center mashsb-noshadow\" href=\"#\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Subscribe&nbsp;to&nbsp;Newsletter<\/span><\/a><div class=\"onoffswitch2 mash-large mashsb-noshadow\" style=\"display:none\"><\/div><\/div>\n            <\/div>\n                <div style=\"clear:both\"><\/div><\/aside>\n            <!-- Share buttons by mashshare.net - Version: 4.0.47-->","protected":false},"excerpt":{"rendered":"<p>Apple has fixed the tenth zero-day vulnerability since the beginning of the year in security updates that were released today. This latest one was actively used in attacks against iPhones. Apple warned that the flaw &#8220;may have been actively exploited&#8221; against earlier versions in security bulletins released today for iOS\/iPadOS 15.7.2, Safari 16.2, tvOS 16.2, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":755,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[10],"tags":[],"class_list":["post-754","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vul-mal"],"aioseo_notices":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/754"}],"collection":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=754"}],"version-history":[{"count":1,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/754\/revisions"}],"predecessor-version":[{"id":756,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/754\/revisions\/756"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/media\/755"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=754"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=754"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=754"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}