This is the tenth zero-day vulnerability that Apple has patched in 2022.
On Tuesday, Apple released a patch for iOS, iPadOS, macOS, tvOS and the Safari web browser that should fix a new 0-day vulnerability that could lead to arbitrary code execution. The security flaw was identified as CVE-2022-42856 and was described by the company as a mix-up in WebKit, the browser engine that powers Safari and other applications. According to experts, the vulnerability could be caused when processing specially crafted content and allowed attackers to execute arbitrary code.
According to Apple, CVE-2022-42856 could have been actively used even before the release of iOS 15.1, but the IT giant is in no hurry to disclose the technical details of the attacks. It is worth noting that the vulnerability was discovered by competitors of the Cupertinos - Google Threat Analysis Group.
The latest patch is available for iOS 15.7.2, iPadOS 15.7.2, macOS Ventura 13.1, tvOS 16.2, and Safari 16.2. It came two weeks after Apple patched CVE-2022-42856 in iOS 16.1.2 on November 30, 2022.