Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Zero-day Vulnerability in Apple Products
Alerts

Active Exploitation of Zero-day Vulnerability in Apple Products

14 December 2022

Apple has released a security update to fix a zero-day vulnerability (CVE-2022-42856) in their products. This vulnerability is reportedly being actively exploited.

The vulnerability affects WebKit, a browser engine that powers Safari and other apps. Successful exploitation of the vulnerability could allow malicious code to run on affected products.

The vulnerability affects the following products:

  • iPhone 5s

  • iPhone 6

  • iPhone 6 Plus

  • iPhone 6s (all models)

  • iPhone 7 (all models)

  • iPhone SE (1st generation)

  • iPad Pro (all models)

  • iPad Air

  • iPad Air 2 and later

  • iPad 5th generation and later

  • iPad mini 2

  • iPad mini 3

  • iPad mini 4 and later

  • iPod touch (6th generation)

  • iPod touch (7th generation)

Users of affected products are advised to upgrade to the latest versions immediately.

Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.

More information is available at:

https://support.apple.com/en-bn/HT213537

https://www.bleepingcomputer.com/news/apple/apple-fixes-new-webkit-zero-day-used-in-attacks-against-iphones

Back to top