Apple has released fixes to address numerous serious security vulnerabilities for the flagship iOS and macOS platforms.
The most serious of the documented vulnerabilities affect WebKit and can expose iOS and macOS devices to code execution attacks through malicious web content.
For mobile devices, Apple has released iOS 16.3 and iPadOS 16.3 with fixes for more than a dozen documented security flaws in a number of OS components, including three bugs in the WebKit rendering engine that expose devices to RCE.
The iOS and iPadOS 16.3 update also closes privacy and data disclosure vulnerabilities in AppleMobileFileIntegrity, ImageIO, Kernel, Maps, Safari, Screen Time and Weather.
Apple has released bug fixes with fixes for about 25 vulnerabilities, some of which are serious enough to cause code execution attacks.
At the same time, WebKit problems also affect users of the Apple macOS Ventura, Monterey and Big Sur operating systems.
In addition, Apple has fixed the actively exploited 0-day in iOS, which can be used remotely on older iPhones and iPads.
Discovered by Clement Lesin of Google TAG CVE-2022-42856 arises from a lack of type confusion in the mechanism of viewing the Apple Webkit web browser and allows using malicious web pages to execute arbitrary code (and probably access confidential information) on vulnerable devices.
After executing arbitrary code, attackers can execute commands in the underlying OS, deploy additional malicious or spyware payloads, or launch other actions.
In the published bulletin, Apple noted that it is aware of reports that this vulnerability could be actively exploited. However, she did not provide details of these attacks.
The company fixed the bug by improving status processing for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3 and iPod touch (6th generation).
iOS 16.3 also implements support for hardware security keys for additional protection against phishing attacks and unauthorized access to devices.
In addition, Apple has fixed dozens of other security flaws in its Safari web browser and its latest versions for macOS, iOS and watchOS