Apple has once again released a patch for a critical vulnerability that is likely to affect iPhone 5s, iPhone 6, and older iPads — models for which it rarely provides security.
Along with the patches in iOS 16.3 and macOS Ventura this week, Apple released a rare patch in iOS 12.5.7 update to protect iOS devices unable to upgrade to iOS 15 when it’s released in September 2021. These include iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).
The update addresses a bug that could be remotely exploited to execute arbitrary code on an affected iPhone or iPad simply by directing the victim’s browser to a maliciously crafted website or web content.
“Apple is aware of a report that this issue may have been actively exploited for iOS versions released prior to iOS 15.1,” the company said in its release note regarding the bug, tracked is CVE-2022-42856.
That’s the report by Clément Lecigne of Google’s Threat Analysis Group, another state-sponsored advanced threat activity tracking group.
This isn’t the first time in recent memory Apple has imported patches for versions of iOS that it doesn’t patch regularly. Apple releases iOS 12.5.6 at the end of Augustexactly one year after the release of iOS 15, to address another remote code execution vulnerability (CVE-2022-32894) that was also being actively exploited at the time.