iOS 16.2: These security updates will protect your iPhone from multiple vulnerabilities - ZDNet

1 year ago 43

Apple has released iOS 16.2, the latest bundle update for iPhone and iPad, which fixes aggregate information vulnerabilities, including respective that could let cyber attackers to tally commands and instrumentality power of devices.

iOS 16.2 and iPadOS 16.2 contain respective caller features for iPhone and iPad users, but alongside those are the information updates that users are urged to instal to assistance support their devices.

Among the vulnerabilities are CVE-2022-46689, a information flaw successful the kernel -- the halfway of the operating strategy -- that could alteration the execution of arbitrary code. Another flaw successful the kernel -- CVE-2022-42842 -- could let a distant idiosyncratic to execute codification remotely.

Also: Public Wi-Fi information tips: Protect yourself against malware and information threats

The update besides fixes respective information vulnerabilities successful WebKit, which powers web browsers connected iOS and iPadOS. These see 4 antithetic information issues -- CVE-2022-42867, CVE-2022-46691, CVE-2022-46696 and CVE-2022-46700 -- that are each flaws successful WebKit, which could let attackers to nonstop users to maliciously crafted web contented and that mightiness pb to arbitrary codification execution.

Among the different flaws addressed by the latest information update are CVE-2022-42846, a vulnerability successful the graphics operator that could pb to a maliciously crafted video file, which results successful unexpected strategy termination, on with CVE-2022-42837, a flaw successful the iTunes store, which could let a distant idiosyncratic to origin unexpected app termination oregon arbitrary codification execution.

Full details of the vulnerabilities addressed successful the 16.2 update aren't disposable yet. "For our customers' protection, Apple doesn't disclose, discuss, oregon corroborate information issues until an probe has occurred and patches oregon releases are available," said Apple successful a papers disclosing the vulnerabilities.

The latest database of information updates besides reveals accusation astir iOS 16.1.1, a information update for iPhone exclusively, which was released past month. At the time, Apple didn't uncover immoderate accusation astir wherefore this was happening, lone stating that it was important and that users should update arsenic soon arsenic possible.

Now it's been disclosed that the update addressed a information vulnerability that was actively being utilized by cyber attackers to people iPhones. CVE-2022-42856 affects iPhone 8 and aboriginal and is simply a bug which -- by tricking the idiosyncratic into allowing it -- enables the processing of maliciously crafted web contented that could pb to arbitrary codification execution.

The vulnerability was discovered by Google Project Zero, Google's cybersecurity vulnerability-hunting team, though afloat details astir the flaw, who was utilizing it and who was being targeted, person yet to beryllium disclosed.

Also: Follow this 1 elemental regularisation for amended telephone security

In bid to support against each the vulnerabilities, it's recommended that users use the updates erstwhile they can.

"CISA encourages users and administrators to reappraisal the Apple information updates leafage for the pursuing products and use the indispensable updates arsenic soon arsenic possible," said the CISA alert astir the information updates.

If automatic updates aren't already turned on, you tin use the latest updates by going to Settings > General > Software Update.