Older Apple devices receive update to fix actively exploited bug

Older iPhones, iPod touch, and iPads have been given security updates to fix an actively exploited critical out-of-bounds write issue in WebKit, tracked as CVE-2022-32893, which could be exploited by threat actors to facilitate the execution of arbitrary code, The Hacker News reports. Improved bounds checking has been leveraged to fix the vulnerability in the iOS 12.5.6 update for iPhone 5s, iPhone 6, iPhone 6 Plus, iPod touch (6th generation), iPad Air, iPad mini 2, and iPad mini 3, according to Apple, which noted that the flaw, tracked as CVE-2022-32894, is not affecting iOS 12. Both vulnerabilities have been addressed by Apple in iOS 15.6.1, iPadOS 15.6.1, macOS 12.5.1, and Safari 15.6.1 weeks ago. "Apple is aware of a report that this issue may have been actively exploited," said Apple. Users of older Apple devices have been advised to immediately apply the update to prevent risk of future attacks.