Apple has once again released a patch for a likely critical flaw affecting the iPhone 5s, iPhone 6, and older iPads — models for which it rarely provides security.
Along with patches in iOS 16.3 and macOS Ventura this week, Apple released a rare patch in the iOS 12.5.7 update to protect iOS devices that couldn’t upgrade to iOS 15 when it was released in September 2021. These include the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).
The update addresses a bug that can be exploited remotely to gain arbitrary code execution on an affected iPhone or iPad just by leading a victim’s browser to a maliciously crafted web page or web content.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1,” it said in release notes concerning the bug, which is tracked as CVE-2022-42856.
Also: What is Security Keys for Apple ID and why does it matter?
It was reported by Clément Lecigne of Google’s Threat Analysis Group, the group that tracks state-sponsored and other advanced threat activity.
Apple patched the same flaw in iOS 16.1.2 on November 30, and then in macOS Ventura 13.1 and iOS 16.2 in mid-December.
It’s not the first time in recent memory that Apple has backported patches for versions of iOS it doesn’t regularly patch. Apple released iOS 12.5.6 at the end of August, exactly a year after iOS 15’s release, to address another remote code execution flaw (CVE-2022-32894) that was also being actively exploited at the time.