Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability

Apple on Wednesday backported security updates to older iPhones,
iPads, and iPod touch devices to address a critical security flaw^[1]
that has been actively exploited in the wild.

The issue, tracked as CVE-2022-32893 (CVSS
score: 8.8), is an out-of-bounds write issue affecting WebKit that
could lead to arbitrary code execution when processing maliciously
crafted web content.

The tech giant said it fixed the bug with improved bounds
checking. An anonymous researcher has been credited for reporting
the vulnerability.

The iOS 12.5.6 update is available for iPhone 5s, iPhone 6,
iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch
(6th generation).

“iOS 12 is not impacted by CVE-2022-32894,” Apple noted^[2] in its advisory.

The latest set of patches arrived weeks after the iPhone maker
remediated the two flaws^[3] in iOS 15.6.1, iPadOS
15.6.1, macOS 12.5.1, and Safari 15.6.1 as part of updates shipped
on August 18, 2022.

“Apple is aware of a report that this issue may have been
actively exploited,” it acknowledged in a boilerplate statement,
although details regarding the nature of the attacks are
unknown.

Users of older iOS devices are advised to apply the updates as
soon as possible to mitigate potential threats.