Apple Releases Update for iOS 12 to Patch Exploited Vulnerability
Apple has released an iOS 12 update for older iPhone and iPad devices, patching a vulnerability that was reportedly exploited by threat actors.
According to a document published by the company on Wednesday, August 31, the flaw would allow the processing of maliciously crafted web content, which in turn led to arbitrary code execution.
“Apple is aware of a report that this issue may have been actively exploited,” the tech company wrote.
The 275 MB update released to patch the vulnerability is available for several older Apple devices, including the iPhone 5S, iPhone 6, iPhone 6 Plus, iPad Air, iPad Mini 2, iPad Mini 3 and iPod Touch (6th gen).
The software version has been updated to 12.5.6, build number 16H71. It seems to fix the security vulnerability (tracked CVE-2022-32893), which the company recently patched in the iOS 15.6.1 update a fortnight ago.
The critical bug, rated 8.8 according to the Common Vulnerability Scoring System (CVSS), was also spotted by the Cybersecurity and Infrastructure Security Agency (CISA), which wrote an advisory about it last month.
From a technical standpoint, Apple said it fixed the flaw by improving bounds checking within the operating system (OS). Just like with the original vulnerability, the company credited an anonymous researcher for reporting the vulnerability.
Users of the aforementioned iOS devices are recommended to apply the updates as soon as possible to mitigate the impact of potential threats.
The patch comes weeks after Apple announced a new set of privacy and security-focussed iPhone features grouped under a ‘Lockdown Mode.‘
Also in mobile-focused news, Google patched a critical Android Bluetooth flaw in August. More recently, Apple announced a new program designed to reward researchers who find bugs in its open source projects from $100 to $31,337 per bounty.