iOS 16: the latest update fixes a dangerous zero-day flaw that has already been exploited

Two weeks ago, Apple rolled out a new update for iOS 16. Today, the Cupertino company admits that it has corrected a dangerous security flaw. Unfortunately, the fix didn’t arrive fast enough to prevent hackers from exploiting this vulnerability.

On November 30, iOS 16.1.2 was rolled out to compatible iPhones. If at first glance the update did not come to change much on the operating system, we suspected that Apple had taken the opportunity to correct some usual security flaws. It took two more weeks for the firm to admit that a zero-day flaw was among the list of fixes made.

The Cupertino company made it clear at the time that the update brought “major security patches”, but did not give more details. So we now know what it’s all about. The manufacturer has indeed specified that the Webkit engine, which allows Safari and other in-app browsers to function correctly, contained a dangerous vulnerability before the deployment of the patch.

Update your iPhone right away if you haven’t already

This vulnerability is therefore a zero-day flaw, which means that hackers were able to exploit it before the breach was closed. Unfortunately, Apple confirms that this was the case. According to the firm, the flaw allowed hackers to remotely execute malicious code on targeted iPhones, presumably to recover sensitive data about their victims.

Related — iOS 16.1: iPhones Now Support NES, N64, and Megadrive Switch Controllers

It is also not uncommon for Webkit to be used as a gateway by hackers to carry out their attacks, as the flaws in the engine can be used to link to other vulnerabilities within the target device. According to Apple, the vulnerability was exploited on iPhones running iOS 15.1 and earlier. If you still haven’t installed iOS 16.2, then it is urgent to do so to best protect yourself against threats.