Apple is a multinational technology company that designs and manufactures consumer electronics, computer software, and online services, it is one of the world’s largest technology companies by revenue and one of the most valuable companies in the world. Apple was founded by Steve Jobs, Steve Wozniak, and Ronald Wayne on April 1, 1976, and is headquartered in Cupertino, California. The company’s hardware products include the iPhone, iPad, Apple Watch, and Apple TV. Its online service includes the iTunes Store, the iOS App Store, and Mac App, as well as iCloud, Apple Music, and Apple Pay.
When it comes to security, Apple takes the security of its products and service very seriously and has a dedicated team of security researchers and engineers who work to identify and mitigate potential security vulnerabilities. Apple also regularly releases updates to its software, including its operating system and built-in apps, to fix any discovered vulnerabilities and improve overall security. Additionally, Apple offers security features built into its hardware and software, such as encryption and biometric authentication, to help protect user data and keep their devices secure.
However, this does not mean that its security is impenetrable. Just recently, Apple confirmed that in an iPhone software update that it fixed a security vulnerability that was actively exploited. An update, iOS 16.1.2 rolled out to all supported iPhones, including iPhone 8 and later.
In the statement released by Apple customer protection on December 13, 2022, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
WebKit is an open-source web browser engine used by many web browsers, such as Safari and Google Chrome. A bug in WebKit refers to a flaw or error in the engine’s code that can cause unintended behavior, such as crashes or security vulnerabilities. WebKit bugs are typically identified and fixed by the WebKit development team, and fixes are released in the form of updates to the engine. WebKit bugs can affect any website or web-based app that uses the engine, and can potentially impact the security and stability of the web browsers that use it.
The iOS 16.1.2 WebKit that was released last November 30, 2022, is available for iPhone 8 and later.
With the impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against a version of iOS released before iOS 15.1.
Description: A type confusion issue was addressed with improved state handling.
WebKit Bugzilla: 248266
CVE-2022-42856: Clément Lecigne of Google’s Threat Analysis Group
Although it is unfortunate for Apple users that a security issue like this happened, Apple takes security matters seriously. Apple also regularly releases updates to its software to fix any discovered vulnerabilities and improve overall security. As for the future of Apple security, we can expect two things, either Apple will make more software updates to secure their customers or they’ll wait for another exploitation before they make a move.