Apple patches urgent iOS zero-day flaw — update your iPhone now

iPhone 14 Pro on table with display facing up
(Image credit: Future)

iOS 16.2 rolled out this week, and it seems it came just in time.

According to Bleeping Computer (opens in new tab), this week’s iOS 16.2 update fixes a zero-day hack used to attack iPhones. In fact, this vulnerability is being actively exploited in the wild to attack iPhone users, so make sure you update to iOS 16.2 now. If you’re not sure how to update, check out our guide on how to update to iOS 16.2

The bug in question is a type confusion issue in Apple’s Webkit browsing engine that is used in Safari, among other Apple apps. Type confusion issues occur when a piece of code doesn’t verify the type of an object that is passed to it and uses the object blindly, according to the Microsoft Defender Security Research Team (opens in new tab)

In this type of confusion exploit, maliciously crafted web content is used to perform arbitrary code execution (opens in new tab), caused by a software error in Apple’s Webkit to execute commands in the operating system, deploy additional malware or spyware or execute other potentially malicious actions. It was discovered by Clément Lecigne of Google's Threat Analysis Group in iOS 16.1.2 according to Apple (opens in new tab), who only disclosed it this week.  

ios 15 beta hands-on review

(Image credit: Tom's Guide)

While Apple hasn't disclosed how attacks exploiting this vulnerability work due to security reasons we do know that it’s not just iPhones like the iPhone 14 that are affected. Any device not running iOS 16.2 or iPadOS 16.2 could be vulnerable, though Apple did release iOS 15.7.2 as a security-only update for some older devices and perhaps now we know why. 

It’s also not just iPhones and iPads that are vulnerable. As many of Apple's products use WebKit, this exploit could impact a wide array of devices. While Apple claims (opens in new tab) that only versions of iOS prior to iOS 15.1 may have been exploited by malicious actors, we found evidence of a patch for this exploit in the security notes for Safari 16.2 (opens in new tab), tvOS 16.2 (opens in new tab) and macOS Ventura 13.1 (opens in new tab). So make sure you update all of your Apple devices right now just to be safe.  

Malcolm McMillan
News Writer

Malcolm McMillan is a News Writer for Tom's Guide, writing about the latest in tech, gaming and entertainment with a particular focus on phones and virtual reality. Before writing for Tom's Guide, he worked many retail jobs and many Black Fridays, including a stint for Microsoft so he knows all about finding the best prices for the latest tech. Malcolm had also been a fantasy football analyst for several years prior to his time with Tom's Guide. He is passionate about video games and sports, though both cause him to yell at the TV frequently. He proudly sports many tattoos, including an Arsenal tattoo, in honor of the team that causes him to yell at the TV the most.