Apple fixes zero-day bug that was ‘exploited’ on most iPhones

New Delhi, Dec 14 (IANS) Apple has fixed a zero-day security vulnerability that was actively exploited on most iPhones, in its latest iOS software update.

Available for iPhone 8 and later, Impact: Processing maliciously crafted web content may lead to arbitrary code execution.

Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.

The update, iOS 16.1.2, has been rolled out to all supported iPhones with unspecified “important security updates.”

In a security update, Apple said the update fixed a flaw in WebKit, the browser engine that powers Safari and other apps.

If exploited, it could allow malicious code to run on the user devices.

“A type confusion issue was addressed with improved state handling,” said Apple.

According to the tech giant, security researchers at Google’s Threat Analysis Group (TAG) first discovered and reported the WebKit bug to the company.

Apple said that the vulnerability was exploited “against versions of iOS released before iOS 15.1”, which was released in October 2021.

The bug in WebKit’s implementation of a JavaScript API called “IndexedDB” can reveal your recent browsing history and even your identity.

A zero-day vulnerability is a bug in a system or device that has been disclosed but is not yet patched.

Apple has released iOS 16.2, which includes end-to-end encryption for data backed up in iCloud and other new features.

–IANS

na/ksk/