Apple has released new updates to backport patches released this month to older iPhone and iPad devices addressing the CVE-2022-32893 flaw.
The CVE-2022-32893 flaw is an out-of-bounds issue that impacts WebKit. An attacker can trigger the flaw by tricking target devices into processing maliciously crafted web content to achieve arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
On August 19, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added seven new flaws to its Known Exploited Vulnerabilities Catalog, including the Apple zero-day.
Today Apple released a new security advisory to describe the security content of iOS 12.5.6.
The company released new updates to address the issues in iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) running iOS 12.5.6.
Apple urges users to install these iOS security updates as soon as possible to prevent potential exploitation of the vulnerability.
The IT giant has addressed other six zero-day vulnerabilities since January, below is the list of fixed issues:
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, iPhone)