Apple fixes zero-day bug that was 'exploited' on most iPhones


New Delhi, Dec 14 (IANS): Apple has fixed a zero-day security vulnerability that was actively exploited on most iPhones, in its latest iOS software update.

Available for iPhone 8 and later, Impact: Processing maliciously crafted web content may lead to arbitrary code execution.

Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.

The update, iOS 16.1.2, has been rolled out to all supported iPhones with unspecified "important security updates."

In a security update, Apple said the update fixed a flaw in WebKit, the browser engine that powers Safari and other apps.

If exploited, it could allow malicious code to run on the user devices.

"A type confusion issue was addressed with improved state handling," said Apple.

According to the tech giant, security researchers at Google's Threat Analysis Group (TAG) first discovered and reported the WebKit bug to the company.

Apple said that the vulnerability was exploited "against versions of iOS released before iOS 15.1", which was released in October 2021.

The bug in WebKit's implementation of a JavaScript API called "IndexedDB" can reveal your recent browsing history and even your identity.

A zero-day vulnerability is a bug in a system or device that has been disclosed but is not yet patched.

Apple has released iOS 16.2, which includes end-to-end encryption for data backed up in iCloud and other new features.

 

  

Top Stories


Leave a Comment

Title: Apple fixes zero-day bug that was 'exploited' on most iPhones



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.