Over the past week, Apple has rolled out several important security updates. It also includes updates to iOS 16, iOS 15, and even iOS 12 to protect iPhones from critical vulnerabilities that are still prevalent. This also applies to older iPhone models.
The iPhone 5s was released in 2013 and was discontinued in 2016, but Apple still provides important software updates from time to time. iOS 12.5.7, the latest software for these older devices, was released last week, and it’s been patched for bug CVE-2022-42856, the catchy name for older iPhones and iPads, including the iPhone 5s, iPhone 6, iPhone 6 Plus and iPad. Patch Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).
For newer versions of the iPhone, CVE-2022-42856 was quelled at the end of November as part of iOS 16.1.2. Other devices were also addressed with the release of iOS 15.7.2, iPadOS 15.7.2, tvOS 16.2, and macOS Ventura 13.1. Basically, if you’ve been tapping “Remind Me Tomorrow” on Apple’s update for weeks, now is the time.
First discovered late last year by Clément Lecigne of Google’s Threat Analysis Group, CVE-2022-42856 is a bug in Apple’s WebKit browser engine that allows attackers to execute code on iPhones, iPads and Macs. Allows you to create web content. Even Apple TV. Everyone is a little reluctant about the details of the exploit, so more bad guys won’t be able to figure it out, but the severity score is ‘high’. This is a scale that goes from none, low, medium, high, to severe. This is based both on how much control these kinds of exploits give the attacker and how easily and widely they can be implemented.
Importantly, Apple said on January 23rd that it had received reports of the issue being “actively exploited.” That said, there are hackers using this vulnerability to target Apple devices (including older devices running iOS 12), so we recommend updating to be safe.
CVE-2022-42856, released last week for iOS 16.3, iPadOS 16.3, macOS Ventura 13.2, and watchOS 9.3, squashes a long list of vulnerabilities as well. Among them are two WebKit bugs, two macOS denial of service vulnerabilities, and two macOS kernel vulnerabilities that allow attackers to execute malicious code, which can be exploited to extract sensitive information. , execute malicious code, or identify details of memory structures. — possibly allowing further attacks.
But these latest updates do more than just address bugs. After being announced last year, Apple added support for security keys to Apple IDs. Essentially, logging into your Apple ID allows you to use a hardware security key that connects to your Apple device via a USB port instead of sending a two-factor authentication (2FA) code to your phone that hackers can intercept. , Lightning port, or NFC. Greatly improves security, as the attacker must physically steal the security key, obtain the password, and gain access to the account.
To start setting up your phone with a hardware security system, you’ll need at least two FIDO-certified security keys compatible with your Apple device, just in case you lose them. Apple recommends the YubiKey 5C NFC or YubiKey 5Ci for most Mac and iPhone models, and the FEITAN ePass K9 NFC USB-A for older Macs. Also, the device should be updated to iOS 16.3 and macOS Ventura 13.2.When you’re ready, click the relevant Settings app’s[パスワードとセキュリティ]In the section you can connect your security key to your account.