Apple backported patches for CVE-2022-42856 zero-day on older iPhones, iPads


On December 2022, Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856, that is actively exploited in attacks against iPhones.

The IT giant released security bulletins for iOS/iPadOS 15.7.2, Safari 16.2, tvOS 16.2, and macOS Ventura 13.1. Apple addressed the vulnerability with improved state handling for the iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

The CVE-2022-42856 flaw is a type confusion issue that impacts the WebKit browser engine, an attacker can exploit the bug when processing specially crafted content to achieve arbitrary code execution.