On 13th Dec, tech giant Apple rolled out security updates for their iOS, iPadOS, macOS, tvOS, and Safari web browser platforms to protect your Apple devices from a 0-day Type Confusion vulnerability iniOS, iPadOS, macOS, tvOS, and Safari web browser. According to Google’s Threat Analysis Group (TAG), the flaw lets attackers perform arbitrary code execution on vulnerable products using specially crafted content. Apple didn’t disclose the technical details about the flaws to avoid the exploitation of the vulnerabilities. Let’s explore what Apple has shared about the 0-Day Type Confusion vulnerability in this post.
A Short Introduction About Webkit Browser Engine
Apple has been using the Webkit browser engine for its Safari browser on Mac, iPad, and iPhone since 2003. It is an open-source project that works to provide better web standards compliance and performance in Apple’s devices. WebKit is designed to be a lightweight, powerful, and easy-to-use browser engine that provides a consistent user experience across all Apple devices. WebKit is also used by many other third-party browsers and apps, such as Google Chrome, Microsoft Edge, and Firefox.
Features of WebKit browser engine:
- Improved HTML5 support for web applications
- Better security and privacy protection
- Enhanced media playback capabilities
- Improved compatibility with various operating systems, including iOS and Mac OS X.
- Support for new web technologies such as WebRTC, WebGL, CSS3, etc.
- Improved support for touch-based interfaces
- Easier to debug and test web applications.
- Automatically checks code for errors.
- Accessibility features, such as VoiceOver, make the web more accessible to people with disabilities.
- Support for browser extensions and plugins.
- Support for cross-platform web applications.
- Improved support for web standards and protocols.
- Page loading is faster than other browser engines.
Summary of CVE-2022-42856
The vulnerability, which is tracking under CVE-2022-42856, is a 0-Day Type Confusion Vulnerability in iOS, iPadOS, macOS, tvOS, and Safari web browsers. The flaw is stemmed from the WebKit browser engine, an open-source project that works to provide better web standards compliance and performance in leading web browsers such as Safari, Google Chrome, Microsoft Edge, and Firefox.
According to Clément Lecigne from Google’s Threat Analysis Group (TAG), the flaw lets attackers perform arbitrary code execution on vulnerable products using specially crafted content. Apple also wrote that it is aware of a report that this issue could have been actively exploited against versions of iOS released older than iOS 15.1. So, It’s worth noting how to protect your Apple devices from a 0-Day Type Confusion vulnerability in iOS, iPadOS, macOS, tvOS, and Safari Web Browser.
Apple Products Vulnerable to CVE-2022-42856
All iOS, iPadOS, macOS, and tvOS platforms are vulnerable to this 0-day Type Confusion vulnerability. Since the active exploitations are found in the wild, it is recommended to apply the patch to all Apple products to protect your Apple devices from the 0-Day Type Confusion Vulnerability.
How to Protect Your Apple Devices From a 0-Day Type Confusion Vulnerability in iOS, iPadOS, macOS, tvOS, and Safari Web Browser?
Apple released security updates in that it says it has released iOS 15.7.2, iPadOS 15.7.2, macOS Ventura 13.1, tvOS 16.2, and Safari 16.2 to fix the flaw. We recommend all the users of iPhones, iPad, MacBooks, and Apple TV should upgrade their OS to the latest release. Please visit the Apple security updates page to read information about all the recently released security updates.
How to Update iOS and iPadOS to 15.7.2?
Follow the procedure shone in this picture to update iOS and iPadOS:
Go to Settings > General > Software Update > Click on Download and Install Updates.
How to Update macOS to Ventura 13.1?
Follow the procedure shone in this picture to update macOS:
Go to Apple menu in the corner of your screen then Click Software Update in the System Preferences window.