Over the past week, Apple has rolled out several important security updates. It also includes updates to iOS 16, iOS 15, and even iOS 12 to protect iPhones from critical vulnerabilities that are still prevalent. This also applies to older iPhone models.
The iPhone 5s was released in 2013 and was discontinued in 2016, but Apple still provides important software updates from time to time. Latest software for these older devices, iOS 12.5.7which was released last week and patched a bug with a catchy name CVE-2022-42856 On older iPhones and iPads such as iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, iPod touch (6th generation).
For newer versions of the iPhone, CVE-2022-42856 was quelled at the end of November as part of iOS 16.1.2. Other devices were also addressed with the release of iOS 15.7.2, iPadOS 15.7.2, tvOS 16.2, and macOS Ventura 13.1. Basically, if you’ve been tapping “Remind Me Tomorrow” on Apple’s update for weeks, now is the time.
First discovered late last year by Clément Lecigne of Google’s Threat Analysis Group, CVE-2022-42856 is a bug in Apple’s WebKit browser engine that allows attackers to execute code on iPhones, iPads and Macs. Allows you to create web content. Even Apple TV. Everyone is a little reluctant about the details of the exploit, so more bad guys won’t be able to figure it out, but Severity score is HighThis is a scale that goes from None, Low, Moderate, High to Severe. This is based both on how much control these kinds of exploits give the attacker and how easily and widely they can be implemented.
Importantly, Apple said on January 23rd: have been reported That this issue is “actively exploited”. That said, there are hackers using this vulnerability to target Apple devices (including older devices running iOS 12), so we recommend updating to be safe.
CVE-2022-42856 released last week, iOS 16.3, iPadOS 16.3, macOS Ventura 13.2, watchOS 9.3 as well as Squash long list of vulnerabilitiesAmong them are two WebKit bugs, two macOS denial of service vulnerabilities, and two macOS kernel vulnerabilities that allow attackers to execute malicious code, which can be exploited to infiltrate confidential data. It can leak information, execute malicious code, or reveal details of memory structures. — possibly allowing further attacks.
But these latest updates do more than just address bugs.rear announced last yearApple Add security key support to Apple IDBasically, instead of getting a two-factor authentication (2FA) code sent to your phone when you log into your Apple ID, Can be intercepted by hackersyou can use a hardware security key that connects to your Apple device via USB port, Lightning port, or NFC. much safer An attacker would have to physically steal the security key and obtain the password to access the account.
You need at least two to set up your phone with a hardware security system. FIDO-certified A security key compatible with your Apple device in case you lose it. Apple YubiKey 5C NFC Also YubiKey 5Ci Most Mac and iPhone models, and FEITAN ePass K9 NFC USB-A For older Macs. Also, the device should be updated to iOS 16.3 and macOS Ventura 13.2.When you’re ready, click the relevant Settings app’s[パスワードとセキュリティ]In the section you can connect your security key to your account.
