• Apple has backported fixes citing widespread evidence of active exploit

    From NewsKrawler@21:1/5 to All on Tue Jan 24 23:27:10 2023
    https://thehackernews.com/2023/01/apple-issues-updates-for-older-devices.html

    Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability

    Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation.

    The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in
    the WebKit browser engine that could result in arbitrary code execution
    when processing maliciously crafted web content.

    While it was originally addressed by the company on November 30, 2022, as
    part of the iOS 16.1.2 update, the patch was expanded to a broader set of
    Apple devices with iOS 15.7.2, iPadOS 15.7.2, macOS Ventura 13.1, tvOS 16.2,
    and Safari 16.2.

    "Apple is aware of a report that this issue [has] been actively exploited against versions of iOS released before iOS 15.1," the iPhone maker said in
    an advisory published Monday.

    To that end, the latest update, iOS 12.5.7, is available for iPhone 5s,
    iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).

    Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited
    with discovering the vulnerability, although exact specifics surrounding
    the exploitation attempts in the wild are currently unknown.

    The update comes as Apple released iOS 16.3, iPadOS 16.3, macOS Ventura
    13.2, watchOS 9.3, and Safari 16.3 to remediate an extremely long list of widespread iOS security flaws, including two bugs in WebKit that could lead
    to code execution.

    macOS Ventura 13.2 also plugs two denial-of-service vulnerabilities in
    ImageIO and Safari, alongside three flaws in the Kernel that could be
    abused to leak sensitive information, determine its memory layout, and
    execute rogue code with elevated privileges.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)