iOS 12.5.7: Apple closes zero-day gap on older iPhones

iOS 12.5.7: Apple closes zero-day gap on older iPhones

The update is available for devices such as iPhone 5s and iPad Mini 2. Hackers are specifically targeting the zero-day vulnerability in older iOS versions.

Apple has released a security update for iOS 12. The Version 12.5.7 closes a zero-day vulnerability, which the company says is currently being actively exploited by hackers – preferably in older iOS versions.

The update is available for iPhone 5s, 6 and 6 Plus as well iPad Air, iPad Mini 2, Mini 3 and the sixth generation iPod Touch. According to the release notes, specially crafted web content can trigger a type confusion bug in WebKit, which in turn allows malicious code to be injected and executed.

Fix has been available since December 2022

The vulnerability with the identifier CVE-2022-42856 was already patched on December 13, 2022 in iOS 16.2 and iPadOS 16.2. An update to iOS 15.7.2 and iPadOS 15.7.2 was also released on the same day to provide the fix for iPhones and iPads that have not yet been switched to iOS 16 or cannot be switched.

At the time, Apple was already warning of zero-day vulnerability attacks, which, according to an unspecified report, were focused on devices running iOS versions earlier than iOS 15.1. However, Apple held back the release of the security alert until December 20th.

Users who are still using iOS or iPadOS 15 should also keep an eye out for a new security update. For iPhone 6s, iPhone 7, iPhone SE (first generation), iPad Air 2, iPad Mini 4 and iPod Touch 7 is the new OS-Version 15.7.3 available. It fixes five vulnerabilities that Apple is also patching in iOS 16 along with other holes. Timely installation of the updates is advisable, among other things to prevent apps from being able to run arbitrary code with kernel privileges.

