iOS 16.2 and iPadOS 16.2 contain several new features for iPhone and iPad users, but alongside those are the security updates that users are urged to install to help protect their devices.

Among the vulnerabilities is CVE-2022-46689, a security flaw in the kernel – the core of the operating system – that could enable the execution of arbitrary code. Another flaw in the kernel – CVE-2022-42842 – could allow a remote user to execute code.

The update also fixes several security vulnerabilities in WebKit, which powers web browsers on iOS and iPadOS. These include four different security issues – CVE-2022-42867, CVE-2022-46691, CVE-2022-46696 and CVE-2022-46700 – that could let attackers direct users to maliciously crafted web content, which might lead to arbitrary code execution.

Among the other flaws addressed by the latest security update are CVE-2022-42846, a vulnerability in the graphics driver through which a maliciously crafted video file could cause unexpected system termination, and CVE-2022-42837, a flaw in the iTunes store that could allow a remote user to cause unexpected app termination or arbitrary code execution.

Full details of the vulnerabilities addressed in the 16.2 update aren’t available yet. “For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available,” said Apple in a document disclosing the vulnerabilities.

The latest list of security updates also reveals information about iOS 16.1.1, a security update exclusively for iPhone, which was released last month. At the time, Apple didn’t reveal any information about why the update was issued, only stating that it was important and that users should update as soon as possible.
Now it’s been disclosed that the update addressed a security vulnerability that was actively being used by cyber attackers to target iPhones. CVE-2022-42856 affects iPhone 8 and later and is a bug which – by tricking the user into allowing it – enables the processing of maliciously crafted web content that could lead to arbitrary code execution.

The vulnerability was discovered by Google Project Zero, Google’s cybersecurity vulnerability-hunting team, although full details about the flaw, who was using it and who was being targeted have yet to be disclosed.

To protect against all the vulnerabilities, it’s recommended that users apply the updates when they can. “CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible,” said the CISA alert about the security updates.

If automatic updates aren’t already turned on, you can apply the latest updates by going to Settings > General > Software Update.