Apple has recently addressed an actively exploited security flaw on older iPhone and iPad models, which could lead to arbitrary code execution. The issue concerns a type confusion bug in the WebKit browser engine that was originally addressed by the company with improved checks as part of updates released on February 13, 2021.
An anonymous researcher is credited with reporting the bug
An anonymous researcher has been credited with reporting the bug. Apple has since issued an advisory, warning of active exploitation of the vulnerability. The advisory states that “processing maliciously crafted web content may lead to arbitrary code execution.”
Details of the exploit are not yet known
At this time, details surrounding the exact nature of the exploitation are not known. Apple has not commented further on the matter, but it is clear that the company is taking the threat very seriously.
Improved checks were added in the February 13, 2023 updates
The vulnerability was originally addressed by the tech giant with improved checks as part of updates released on February 13, 2022. The update is available in versions iOS 15.7.4 and iPadOS 15.7.4 for certain iPhone and iPad models. If you haven’t updated your device yet, it is strongly recommended that you do so.
Active Exploitation
Apple added that they are “aware of a report that this issue may have been actively exploited.” This means that hackers may have been able to exploit the vulnerability to gain access to users’ personal data or other sensitive information. Apple has not provided any information on the extent of the damage caused by the exploit.
Numerous bug fixes have been rolled out
The disclosure comes as Apple rolled out updates with numerous bug fixes. It is important to note that these updates address a variety of issues and are not solely focused on the type confusion bug in the WebKit browser engine.
The security of our devices is becoming increasingly important as more of our lives are lived online. It is important to keep our devices updated with the latest updates and patches to protect against any possible exploits. In light of this news, it’s a good time to remind users to ensure that their devices always run the latest software version.