Apple has released software updates for certain older iPhone and iPad models to address a vulnerability that could allow an attacker to remotely exploit the device. The vulnerability has been identified as CVE-2022-42856, which stands for Common Vulnerabilities and Exposures.
The updates, iOS 15.7.2 and iPadOS 15.7.2, have been issued to all iPhone 6s models, all iPhone 7 models, the first-generation iPhone SE, all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and the seventh-generation iPod touch.
The vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group and was caused by a WebKit type-confusion error. This means that there was an error in the software code that did not match what the software was expecting. Attackers could then trick iPhone and iPad users into visiting a malicious webpage, which would give the attacker control of the device. WebKit is the browser engine developed by Apple and is used on Safari and other browsers.
Consequences of the Attack
If exploited, this vulnerability could allow an attacker to run any command or code on the targeted device, deploy additional malware and spyware, and steal personal information from the device. Apple has acknowledged that the vulnerability may have been actively exploited against versions of iOS released before iOS 15.1.
If you own one of the devices listed in the second paragraph, it is recommended that you install the updates as soon as possible by going to Settings > General > Software Update.