• Older iOS devices are extremely vulnerable to this active iOS exploit

    From Sail Fisherman@21:1/5 to All on Wed Jan 25 08:47:31 2023
    XPost: misc.phone.mobile.iphone

    Older iOS devices are seriously vulnerable to this active exploit.
    The attackers have mostly pwned any iOS 12 device they could find.

    Apple has issued an emergency patch for older kit to fix a WebKit security
    flaw that Cupertino warns is under active attack. https://www.theregister.com/2023/01/24/apple_iphone_bug_under_exploit/

    On Monday, Apple released iOS 12.5.7 for iPhone 5s, iPhone 6, iPhone 6
    Plus, iPad Air, iPad mini 2, iPad mini 3, and sixth-generation iPod touch.
    It also updated iOS and iPadOS 15 and 16, but it appears that, at least as
    of now, attackers are only going after devices running the very-old iOS 12.

    If you have one of these older devices, we'd suggest updating to the new
    iOS immediately as the vulnerability that it fixes, tracked as
    CVE-2022-42856, sounds like a nasty one. Websites, for one, can exploit
    this flaw to hijack vulnerable phones that surf by.

    "Processing maliciously crafted web content may lead to arbitrary code
    execution," Apple warned in the security update. "Apple is aware of a
    report that this issue may have been actively exploited against versions
    of iOS released before iOS 15.1."

    Apple didn't provide any other details about who is responsible for the in-the-wild exploits. The bug was, however, discovered by Google Threat Analysis Group's Clément Lecigne, and that's significant because TAG tracks nation-state attackers and commercial spyware, so it's unlikely that the CVE-2022-42856 exploits will be attributed to a bunch of script kiddies.

    Also, if CVE-2022-42856 sounds familiar, it should. Apple patched the vulnerability in iOS 16 in December and iOS 15 in November. But not
    everyone updates or can update.
