Apple fixes zero-day vulnerability (CVE-2022-32893) in iOS 12.5.6 exploited in the wild

Apple has fixed a zero-day vulnerability in iOS 12.5.6 under attack in the wild.

A remote attacker could exploit the vulnerability to take control of unpatched systems.

The Apple iOS WebKit flaw CVE-2022-32893 could allow the processing of maliciously crafted web content and lead to arbitrary code execution. WebKit is Apple’s HTML rendering software and is part of Apple’s browser engine.

As noted in the advisory, Apple warned the “issue may have been actively exploited.”

Moreover, the iOS vulnerability affects Apples legacy phone models to include iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).

The CVE-2022-32893 is also the same issue that Apple patched last month in Apple iOS 15.6.1, iPadOS 15.6.1, macOS Monterey 12.5.1, and Safari 15.6.1. However, Apple iOS 12 is not impacted by CVE-2022-32894, another zero-day fixed last month.

Related Articles