Apple has fixed a zero-day vulnerability in iOS 12.5.6 under attack in the wild.
A remote attacker could exploit the vulnerability to take control of unpatched systems.
The Apple iOS WebKit flaw CVE-2022-32893 could allow the processing of maliciously crafted web content and lead to arbitrary code execution. WebKit is Apple’s HTML rendering software and is part of Apple’s browser engine.
As noted in the iOS 12.5.6 advisory, Apple warned the “issue may have been actively exploited.”
Moreover, the iOS vulnerability affects Apples legacy phone models to include iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).
The CVE-2022-32893 is also the same issue that Apple patched last month in Apple iOS 15.6.1, iPadOS 15.6.1, macOS Monterey 12.5.1, and Safari 15.6.1. However, Apple iOS 12 is not impacted by CVE-2022-32894, another zero-day fixed last month.
- Apple fixes 2 zero-days (CVE-2022-32894 and CVE-2022-32893) in iOS 15.6.1 and macOS Monterey 12.5.1 (update now!)
- Apple patches vulnerabilities in iOS 15.6, macOS Monterey 12.5, and other products
- Apple patches vulnerabilities in multiple products (CVE-2022-22675 exploited in the wild)
- Apple fixes zero-day vulnerabilities in iOS 15.4.1 and macOS Monterey 12.3.1 (with active exploits in the wild)
- Apple releases security updates for iOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3 and other products
- Microsoft August 2022 Security Updates addresses 121 vulnerabilities (17 Critical and 1 zero-day)