The latest Apple security update includes a fix for an actively exploited security vulnerability that could allow arbitrary code execution on iPhone 8 and above.
The bug, fixed with the iOS 16.1.2 update, is a type confusion issue in the WebKit browser engine. Type confusion occurs when a piece of code doesn’t verify the type of object that is passed to it; in this case, it can be be triggered when processing specially crafted content, Apple noted in its advisory.
As for the active exploitation, the mobile giant noted that it is “aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.”
Apple has been plagued by zero-day exploits over the past several months.