Apple today released security updates that fixed the tenth zero-day vulnerability it has discovered since January. This latest vulnerability was actively exploited in attacks on iPhones.
Apple warned that this vulnerability could have been exploited against older versions of iOS/iPadOS 15.7.2 and Safari 16.2.
The bug ( ) is caused by type confusion in Apple’s WebKit browser engine.
Clement Lecigne of Google’s Threat Analysis Group discovered the flaw. Maliciously crafted web content could be used to execute arbitrary code on vulnerable devices.
A malicious site could execute arbitrary code to access the operating system, deploy malware or spyware, or carry out other malicious activity.
Apple addressed the zero-day vulnerability with better state handling on the following models: iPhone 6s (all versions), iPhone 7s (all models), iPhone SE (1st Generation), iPhone Pro (all models), iPad Air 2 (and later), iPad Air (5th Gen and later), iPad mini 4 (and later), and iPod Touch (7th Generation).
Repair your iPads and iPhones with macOS Ventura
Apple disclosed that threat actors have exploited the vulnerability, but it has yet to disclose any specific details.
However, since it was found by Clement Lecigne of Google’s Threat Intelligence team, we will probably learn more about the vulnerability in a blog post.
Withholding details is often done to give users time to patch their devices before other threat actors examine the patches and create their own exploits.
This zero-day vulnerability was most likely exploited in targeted attacks. However, you should still install the security updates today.
Apple has now fixed ten zero-days since the beginning of the year.