The issue, tracked as CVE-2022-32893 (CVSS score: 8.8), is an out-of-bounds write issue affecting WebKit that may lead to arbitrary code execution when processing maliciously crafted web content.

The iOS 12.5.6 update likely addresses two major security vulnerabilities that Apple patched earlier this month with the release of iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1, as part of updates shipped on August 18, 2022. These fixes are now extended to older iPhone and iPad models that cannot update to 15.6.1.

The iOS 15.6.1 update fixed two major zero-day security vulnerabilities that may have been used to attack iPhones and iPads. The first bug could have been used to execute arbitrary code with kernel privileges. Further, the second vulnerability existed in WebKit, the browser engine that powers Safari and all third-party browsers on iOS, which could have allowed an application to execute arbitrary code via “maliciously crafted web content.”

“iOS 12 is not impacted by CVE-2022-32894,” the company noted in its advisory. It also acknowledged that “Apple is aware of a report that this issue may have been actively exploited.” However, it did not provide any detailed information regarding the nature of the attacks. The Cupertino giant credited an anonymous researcher for reporting the vulnerability.

The iOS 12.5.6 update is now available to download over the air (OTA) for the following older Apple models:
iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
Although Apple stopped supporting these devices with iOS 13, it has continued to update them with important security fixes ever since. If you are using any of the above-mentioned devices that is stuck on iOS 12, it is advisable to apply the updates as soon as possible to mitigate potential threats. You can download iOS 12.5.6 by going to Settings on your phone, tapping on “General,” and selecting the “Software Update” option. The build number for the update is 16H71.