On December 14th, it was announced that the tenth Apple zero-day vulnerability of the year had been discovered. With just a few weeks to go before the New Year, Apple has released important patches to all of their devices to address this zero-day vulnerability.
What is a Zero-Day Vulnerability?
Typically, Zero-Day vulnerabilities are vulnerabilities that are discovered in the wild and exploited. There is often little notice of the vulnerability until it has already been taken advantage of and/or patched.
This zero-day vulnerability, known as CVE-2022-42856, appears to be a confusion issue with the WebKit browser. This is dangerous, because all third-party web browsers such as Chrome, Firefox, and more are required to use WebKit. This is because Apple mandates its usage for their devices.
The zero-day vulnerability causes WebKit to execute arbitrary code when it encounters specially created content. In theory, a bad actor could convince a user to go to a website they created that has his special content, triggering WebKit and allowing the bad actor access to the user device.
What can I do to protect against this vulnerability?
This simplest way to protect yourself against any Zero-Day Vulnerabilities is to update your devices as soon as possible. In this case, Apple has already released a patch for their devices regarding this vulnerability. If you haven’t done so yet, update them immediately.
Major zero-day vulnerabilities often appear in the news like this one did. But every piece of software can find itself vulnerable which is why updating and patch management is key for everyone, especially businesses.
As part of its Managed Services offering, Stronghold Data provides patch management and much more to businesses to help keep them safe and secure. If your business is in need of Managed IT Services, contact Stronghold Data today to get started.