Apple releases security update for Older iOS and iPadOS Models
An actively exploited security hole was fixed by Apple on Monday and backported to previous versions of the iPhone and iPad.
An arbitrary code execution vulnerability in the WebKit browser engine which is logged as CVE-2023-23529 is the major concern.
The tech juggernaut first responded to it with enhanced checks as part of updates distributed on February 13, 2023. An unknown researcher has been credited for identifying the vulnerability.
Apple said in a new advisory that it is “aware of a report that this issue may have been actively exploited,” adding that processing maliciously crafted web content “may lead to arbitrary code execution.”
In January, a total of five software updates for older Apple products were provided by the Cupertino, California-based tech firm, which included macOS Big Sur 11.7.3, macOS Monterey 12.6.3, iPadOS 15.7.3, iOS 12.5.7, and iOS 15.7.3.
Apple’s last recent iOS 16.3 update was not compatible with iPhone models older than the iPhone 8, making them extremely vulnerable to security risks. Apple stated in its security bulletin that iOS 12.5.7 and iPadOS 12.5.7 fixed these problems on the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) devices.
The critical WebKit Bugzilla vulnerability, with tracking number CVE-2022-42856, was discovered by Clément Lecigne of Google’s Threat Analysis Group, and it is fixed in the iOS update for older devices.
While the precise nature of the exploitation is still unknown, it is normal practice to conceal technical details because doing so helps stop further in-the-wild abuse aimed at vulnerable devices.
Several models of the iPhone 6s, iPhone 7, iPhone SE (first generation), iPad Air 2, iPad mini (4th generation), and iPod touch are compatible with the update.
The revelation comes as Apple released a number of bug-fixing software updates, including iOS 16.4, iPadOS 16.4, macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5, tvOS 16.4, and watchOS 9.4.
Author: Sanghamitra Sethy