Apple iOS Type Confusion vulnerability - 20221216004
Overview
Apple iOS contains a type confusion vulnerability that can lead to code execution when processing maliciously crafted web content.
What is the threat?
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.
What is the vulnerability?
CVE-2022-42856 - Known to be exploited.
What is vulnerable?
- iPhone 8 and later
- iOS released before iOS 15.1
What has been observed?
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
The ACSC is aware the vulnerability may have been exploited in the wild. The ACSC is not aware of successful exploitation attempts against Australian organisations.
Recommendation
Due to known exploitation, the WA SOC recommends remediating these vulnerabilities within the next two weeks.
Reference
- Apple Security Content of iOS 16.1.2: https://support.apple.com/en-us/HT213516