Apple fixes actively exploited iOS zero-day on older iPhones, iPads


Apple has backported security patches addressing a remotely exploitable zero-day vulnerability to older iPhones and iPads.

This bug is tracked as CVE-2022-42856, and it stems from a type confusion weakness in Apple’s WebKit web browser engine.

Apple said that the flaw discovered by Clément Lecigne of Google’s Threat Analysis Group allows maliciously crafted webpages to perform arbitrary code execution (and likely gain access to sensitive information) on vulnerable devices.

Attackers can successfully exploit this flaw by tricking their targets into visiting a maliciously crafted website under their control.
