Apple has released a few special software updates for older iPhone and certain iPad models. This was done to remove a dangerous flaw that could allow an attacker to remotely exploit the vulnerability given the tracking number CVE-2022-42856
. CVE stands for common vulnerabilities and exposures.
The tech giant has one security bulletin
on Monday along with the two aforementioned updates, iOS 15.7.2 and iPadOS 15.7.2. It was distributed to all iPhone 6s models, all iPhone 7 models, the first generation iPhone SE, all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and the seventh generation Touch iPod.
The vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group and was caused by a WebKit typo confusion. Simply put, something in the software code didn’t match what the software expected. The attackers can then trick iPhone and iPad users into visiting a malicious web page created by the attackers, putting the device under the control of the attackers. WebKit is the browser engine developed by Apple and is used in Safari and other browsers.
The seventh generation iPod touch is one of the devices that received the iOS 15.7.2 update
This attack can execute any command or code on the targeted device, deploy additional malware and spyware, and steal a user’s personal information. Or, as Apple says, “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released prior to iOS 15.1.”
Don’t gloss over Apple’s statement, as you’ll see the company reveal that it’s aware of a report saying the flaw has been exploited on devices running versions of iOS older than the 15.1 release.
If you own one of the Apple devices mentioned in the second paragraph, you should install the update as soon as possible by going to Settings > General > Software update.