Apple on Wednesday backported safety updates to older iPhones, iPads, and iPod contact units to handle a essential safety flaw that has been actively exploited within the wild.
The difficulty, tracked as CVE-2022-32893 (CVSS rating: 8.8), is an out-of-bounds write situation affecting WebKit that would result in arbitrary code execution when processing maliciously crafted internet content material.
The tech big mentioned it fastened the bug with improved bounds checking. An nameless researcher has been credited for reporting the vulnerability.
The iOS 12.5.6 replace is accessible for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod contact (sixth era).
“iOS 12 is just not impacted by CVE-2022-32894,” Apple famous in its advisory.
The newest set of patches arrived weeks after the iPhone maker remediated the 2 flaws in iOS 15.6.1, iPadOS 15.6.1, macOS 12.5.1, and Safari 15.6.1 as a part of updates shipped on August 18, 2022.
“Apple is conscious of a report that this situation might have been actively exploited,” it acknowledged in a boilerplate assertion, though particulars relating to the character of the assaults are unknown.
Customers of older iOS units are suggested to use the updates as quickly as doable to mitigate potential threats.