Apple has released eight security updates to address vulnerabilities in multiple products. Apple is reporting exploitation of CVE-2022-42856, which impacts iOS and iPadOS. A remote attacker could exploit some of these vulnerabilities to take control of a vulnerable system.

Apple reports exploitation CVE-2022-42856

Apple has released a new security update to resolve an exploited vulnerability tracked as CVE-2022-42856 within iOS and iPadOS. The vulnerability could allow an attacker to execute arbitrary code on the device after processing maliciously crafted web content. This vulnerability could enable an attacker to execute malicious code on the device or to corrupt sensitive data.

Remediation advice

Affected organisations are encouraged to review the following Apple security advisories and apply any relevant updates or workarounds.

Remediation steps

Type	Step
Patch	Safari 16.3 \| HT213600 https://support.apple.com/en-gb/HT213600
Patch	macOS Monterey 12.6.3 \| HT213604 https://support.apple.com/en-gb/HT213604
Patch	macOS Big Sur 11.7.3 \| HT213603 https://support.apple.com/en-gb/HT213603
Patch	watchOS 9.3 \| HT213599 https://support.apple.com/en-gb/HT213599
Patch	iOS 15.7.3 and iPadOS 15.7.3 \| HT213598 https://support.apple.com/en-gb/HT213598
Patch	iOS 16.3 and iPadOS 16.3\| HT213606 https://support.apple.com/en-gb/HT213606
Patch	iOS 12.5.7 \| HT213597 https://support.apple.com/en-gb/HT213597
Patch	macOS Ventura 13.2 \| HT213605 https://support.apple.com/en-gb/HT213605

Definitive source of threat updates

https://support.apple.com/en-us/HT201222

CVE Vulnerabilities

Status Published

CVE-2022-42856

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.

Last edited: 24 January 2023 2:28 pm