Date: 2022-09-05

iOS 12.5.6 is meant to patch older iPads as well as older iPhones. The bug is in the browser engine.

Security experts had already feared it: a bug that Apple fixed in its current mobile operating systems in the middle of the month is also present in older iOS versions and is possibly being exploited by attackers. An update for older iPhones and iPads was only released on Thursday night.

Still little known

The bug has the CVE ID CVE-2022-32893 and affects Apple's WebKit browser engine. It is a so-called out-of-bounds write problem caused by defective bounds checking. In practice, it was possible to run arbitrary code via a suitably crafted website. It is therefore enough to click on such a URL or simply to land on it by chance while browsing. It doesn't matter whether you use Safari, Chrome or Firefox on your iPhone or iPad: Apple forces all browser providers on these platforms to use WebKit.

In the release notes for the newly released iOS 12.5.6, which users of the supported devices should install urgently, Apple repeats its warning that there are reports of active exploits. However, it is still not clear which attacks are involved, or whether it is ordinary criminals, state spies or spyware distributors who are exploiting the vulnerability.

Which devices get the update

iOS 12.5.6 is available for all devices that cannot run a higher iOS version. Newer models are up to date with iOS 15.6.1 and iPadOS 15.6.1, which received the patch weeks ago. The iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3 and the sixth-generation (6G) iPod touch are now being retrofitted.

A second dangerous bug, which Apple also fixed in mid-August, cannot be exploited in iOS 12. This kernel bug, with the CVE ID CVE-2022-32894, does not affect the system, Apple also says in the release notes. It even allowed, again via an out-of-bounds write, the execution of arbitrary code with kernel privileges. Here, too, Apple has reports of active exploitation.

The older macOS versions Big Sur and Catalina were also affected by the WebKit bug. However, these have already received an update of the Safari browser to version 15.6.1. Along with iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey was updated to version 12.5.1, which fixed the kernel bug as well as the WebKit bug.