Apple released patches for recently disclosed WebKit zero-day in older iPhones and iPads

Apple released new security updates for older iPhone and iPad devices addressing recently fixed WebKit zero-day.

Apple has released new updates to backport patches released this month to older iPhone and iPad devices addressing the CVE-2022-32893 flaw.

The CVE-2022-32893 flaw is an out-of-bounds issue that impacts WebKit. An attacker can trigger the flaw by tricking target devices into processing maliciously crafted web content to achieve arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

On August 19, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added seven new flaws to its Known Exploited Vulnerabilities Catalog, including the Apple zero-day.

Today Apple released a new security advisory to describe the security content of iOS 12.5.6.

The company released new updates to address the issues in iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) running iOS 12.5.6.

Apple urges users to install these iOS security updates as soon as possible to prevent potential exploitation of the vulnerability.

The IT giant has addressed other six zero-day vulnerabilities since January, below is the list of fixed issues:

• January 2022: CVE-2022-22587 and CVE-2022-22594.
• February 2022: CVE-2022-22620.
• March 2022: CVE-2022-22674 and CVE-2022-22675.
• May 2022: CVE-2022-22675

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, iPhone)

[adrotate banner=”5″]

[adrotate banner=”13″]