Wednesday, December 6, 2023
Google search engine
HomeTechnologyApple fixes zero-day security bug that was 'exploited' on most iPhones

Apple fixes zero-day security bug that was ‘exploited’ on most iPhones


Apple has fixed a zero-day security vulnerability that was actively exploited on most iPhones, in its latest iOS software update.

Available for iPhone 8 and later, Impact: Processing maliciously crafted web content may lead to arbitrary code execution.

Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.

The update, iOS 16.1.2, has been rolled out to all supported iPhones with unspecified “important security updates.”

In a security update, Apple said the update fixed a flaw in WebKit, the browser engine that powers Safari and other apps.

If exploited, it could allow malicious code to run on the user devices.

“A type confusion issue was addressed with improved state handling,” said Apple.

According to the tech giant, security researchers at Google’s Threat Analysis Group (TAG) first discovered and reported the WebKit bug to the company.

Apple said that the vulnerability was exploited “against versions of iOS released before iOS 15.1”, which was released in October 2021.

The bug in WebKit’s implementation of a JavaScript API called “IndexedDB” can reveal your recent browsing history and even your identity.

A zero-day vulnerability is a bug in a system or device that has been disclosed but is not yet patched.

Apple has released iOS 16.2, which includes end-to-end encryption for data backed up in iCloud and other new features.



(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)


Source link

- Advertisment -
Google search engine

Most Popular

Recent Comments