An actively exploited iOS zero-day vulnerability was found in older versions of Apple’s iPhones and iPads. CVE-2022-42856 is a WebKit vulnerability located in devices running iOS prior to version 15.1. The vulnerability allows attackers to execute arbitrary code through specially crafted web content, ultimately gaining access to sensitive information.  

Additionally, if an attacker is successful, they could run commands on the underlying operating system, distribute more malware or spyware, or trigger other malicious activity. The vulnerability was initially observed by Google’s Threat Analysis Group (TAG) and in December 2022, Apple issued the first batch of patches for it by releasing iOS 16.2. At the time, the fix also included macOS Ventura 13.1, tvOS, Safari 16.2, and iOS and iPadOS 15.7.2. The most recent release of iOS 12.5.7 addresses CVE-2022-42856. 

Apple has received reports of active exploitation, but the company has not published information regarding the attacks. Apple is likely concealing the information to allow as many users as possible the time to patch their devices before attackers exploit the zero-day. If you are in possession of the following devices:  iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation), please apply the appropriate update as soon as possible.  



avertium's recommendations

Avertium recommends that users apply the appropriate patch for versions of iOS released before iOS 15.1. You may find patch guidance via Apple’s support page.




At this time, there are no known IoCs associated with CVE-2022-42856. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   



How Avertium is Protecting Our CUSTOMERS

While Apple products are not widely used at an enterprise level, these devices could provide an attack vector to company executives. Avertium is raising awareness among our customers to patch this vulnerability before it is too late.  




About the security content of iOS 12.5.7 - Apple Support 

Apple Patches Exploited iOS Vulnerability in Old iPhones – SecurityWeek 

Apple fixes actively exploited iOS zero-day on older iPhones, iPads (bleepingcomputer.com) 





Related Resource:  2023 Cybersecurity Landscape: 8 Lessons for Cybersecurity Professionals

Chat With One of Our Experts

Flash Notice Apple Apple Zero-Day Vulnerability Blog