Apple on Wednesday backported safety updates to older iPhones, iPads, and iPod contact units to handle a important safety flaw that has been actively exploited within the wild.
The difficulty, tracked as CVE-2022-32893 (CVSS rating: 8.8), is an out-of-bounds write concern affecting WebKit that might result in arbitrary code execution when processing maliciously crafted internet content material.
The tech large stated it mounted the bug with improved bounds checking. An nameless researcher has been credited for reporting the vulnerability.
The iOS 12.5.6 replace is on the market for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod contact (sixth era).
“iOS 12 is just not impacted by CVE-2022-32894,” Apple famous in its advisory.
The most recent set of patches arrives weeks after the iPhone maker remediated the 2 flaws in iOS 15.6.1, iPadOS 15.6.1, macOS 12.5.1, and Safari 15.6.1 as a part of updates shipped on August 18, 2022.
“Apple is conscious of a report that this concern could have been actively exploited,” it acknowledged in a boilerplate assertion, though particulars relating to the character of the assaults are unknown.
Customers of older iOS units are suggested to use the updates as quickly as attainable to mitigate potential threats.