Security News > 2022 > August > Apple backports fix for actively exploited iOS zero-day to older iPhones
Apple has released new security updates to backport patches released earlier this month to older iPhones and iPads addressing a remotely exploitable WebKit zero-day that allows attackers to execute arbitrary code on unpatched devices.
In a security advisory published today, Apple once again said that they're aware of reports that this security issue "May have been actively exploited."
The list of devices today's security updates apply to includes iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch, all of them running iOS 12.5.6.
Even though Apple has disclosed that it received reports of active exploitation in the wild, the company is yet to release info regarding these attacks.
By withholding this information, Apple is likely aiming to allow as many users as possible to apply the security updates before other attackers pick up on the zero-day's details and start deploying exploits in their own attacks targeting vulnerable iPhones and iPads.
The U.S. Cybersecurity and Infrastructure Security Agency also added this security bug to its catalog of exploited vulnerabilities on August 19, requiring Federal Civilian Executive Branch agencies to patch it to protect "Against active threats."
News URL
Related news
- Apple backports zero-day patches to older iPhones and Macs (source)
- Global Pressure Mounts for Apple as Brazilian Court Demands iOS Sideloading Within 90 Days (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices (source)
- Apple Rolls Out iOS 18.4 With New Languages, Emojis & Apple Intelligence in the EU (source)