Apple issues emergency patch for outdated iPhones after criminals pounce on WebKit - The Register


Apple has issued an emergency patch for older kit to fix a WebKit security flaw that Cupertino warns is under active attack.

On Monday, Apple released iOS 12.5.7 for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and sixth-generation iPod touch. It also updated iOS and iPadOS 15 and 16, but it appears that, at least as of now, attackers are only going after devices running the very-old iOS 12.

If you have one of these older devices, we'd suggest updating to the new iOS immediately as the vulnerability that it fixes, tracked as CVE-2022-42856, sounds like a particularly nasty one.

"Processing maliciously crafted web content may lead to arbitrary code execution," Apple warned in the security update. "Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1."

Apple didn't provide any other details about who is responsible for the in-the-wild exploits. The bug was, however, discovered by Google Threat Analysis Group's Clément Lecigne, and that's important because TAG tracks nation-state attackers and commercial spyware, so it's unlikely that the CVE-2022-42856 exploits will be attributed to a bunch of script kiddies.

Also, if CVE-2022-42856 sounds familiar, it should. Apple patched the vulnerability in iOS 16 in December and iOS 15 in November. But not everyone updates.

While the iPhone bug is the most urgent, Apple also released software updates to fix flaws in its other products this week. This includes Apple TVs, its Safari web browser, macOS Big Sur, Monterey and even Ventura (is anyone still running this OS?), and Apple Watches series 4 and later.

None of the vulnerabilities listed in these other security updates are under active exploit — that we know of at least.

On Tuesday, the US Cybersecurity and Infrastructure Security Agency weighed in on the Apple bugs, too, and urged users and administrators to "apply the necessary updates as soon as possible."

Mark your calendar: it's Data Privacy Day

In addition to fixing a bunch of bugs, Apple also rolled out education resources and a short film to promote awareness about how users can better protect their private information using Apple's built-in security controls, so long as you're not in China.

The new videos will go live on January 28, in honor of Data Privacy Day, which falls six days after another US privacy milestone — Roe v. Wade — would have celebrated 50 years of constitutional protection if the Supreme Court hadn't overturned the guaranteed right to abortion last year.

But back to Apple: on Saturday the tech giant will debut a video, titled "Taking Charge of Your Privacy on iPhone," that explains how to customize features including Mail Privacy Protection, Safety Check, Location Services, and passkeys.

And here's how Apple describes the short:

So after you've spent the work-week updating all of your devices' operating systems, take a break and (hopefully) score a few laughs. If you're in America that is. ®
