Security News > 2022 > August > Apple backports fix for actively exploited iOS zero-day to older iPhones
Apple has released new security updates to backport patches released earlier this month to older iPhones and iPads addressing a remotely exploitable WebKit zero-day that allows attackers to execute arbitrary code on unpatched devices.
In a security advisory published today, Apple once again said that they're aware of reports that this security issue "May have been actively exploited."
The list of devices today's security updates apply to includes iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch, all of them running iOS 12.5.6.
Even though Apple has disclosed that it received reports of active exploitation in the wild, the company is yet to release info regarding these attacks.
By withholding this information, Apple is likely aiming to allow as many users as possible to apply the security updates before other attackers pick up on the zero-day's details and start deploying exploits in their own attacks targeting vulnerable iPhones and iPads.
The U.S. Cybersecurity and Infrastructure Security Agency also added this security bug to its catalog of exploited vulnerabilities on August 19, requiring Federal Civilian Executive Branch agencies to patch it to protect "Against active threats."
News URL
Related news
- Fraudsters imprisoned for scamming Apple out of 6,000 iPhones (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)