
When iOS 16.1.2 arrived on November 30, we weren’t entirely sure why Apple couldn’t wait until iOS 16.2, which was right around the corner. At the time, Apple’s release notes said the update contained improvements to the iPhone 14’s Crash Detection and nondescript service upgrades, neither of which seemed very urgent.
But there was a hidden reason for Apple to push out the update when it did. At the time, we knew there was at least one security update, but Apple declined to tell us what it was. As part of the flurry of updates yesterday, Apple disclosed the reason for the updates, and it’s a doozy.
The update fixes a zero-day vulnerability in Apple’s WebKit engine for Safari that could allow a hacker to execute arbitrary code on your Mac. The flaw is due to a type confusion issue and was addressed with improved state handling. Apple says it’s aware of a report that this issue may have been actively exploited “against versions of iOS released before iOS 15.1.”
The vulnerability (categorized as CVE-2022-42856) was discovered as part of the Bugzilla program by Clément Lecigne of Google’s Threat Analysis Group. According to Bleeping Computer, this is the tenth zero-day vulnerability Apple has fixed in 2022. A zero-day vulnerability is one that was previously unknown to vendors.
It’s not clear why Apple didn’t disclose this bug for two weeks, but it’s one of the only times it’s done so. Apple also disclosed numerous WebKit flaws yesterday as part of the Safari 16.2 release in macOS and iOS.
