Apple Patches ‘Actively Exploited’ Security Flaw in Older iPhones with iOS 15.7.4

Apple is sending out security fixes across the board this week, patching dozens of flaws in its products, including an important patch for users of older iPhones and iPads.

In February, the Cupertino tech giant rolled out its first zero-day fix of the year, addressing a type confusion issue in WebKit , the web-rendering engine used by all Apple products. February’s update targeted current-generation devices and OSes, leaving older models somewhat vulnerable. But not for long.

'May have been actively exploited'

This week, that same fix is making its way into iOS 15.7.4 and iPadOS 15.7.4 – iOS 15 being the last operating system supported officially by Apple on iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).

Tracked as CVE-2023-23529 and reported to Apple by an anonymous researcher, the WebKit flaw can be exploited to run “arbitrary code,” including malware, on the target device.

“Apple is aware of a report that this issue may have been actively exploited,” the company warns, indicating that users should patch immediately. Dozens other security fixes are included with the release.

iOS 16.4 and iPad OS 16.4 are also rolling out to newer-generation devices, including the iPhone 8 and newer, iPad Pro (all models), iPad Air 3rd generation and newer, iPad 5th generation and newer, and iPad mini 5th generation and newer. The updates include several new features and enhancements, as well as multiple security fixes.

Mac users, too, are treated to a bunch of updates, including macOS Big Sur 11.7.5, macOS Monterey 12.6.4, and macOS Ventura 13.3.

Stay on the safe side

While most attacks on iOS are highly-targeted, Apple customers would do well to deploy the necessary patches for their devices to narrow threat actors’ window of opportunity.

This is especially the case for older-generation device models, as criminals are eager to invest time and effort to exploit these vulnerable endpoints.

Apple has been increasingly backporting security fixes to older-generation products in recent times, as spyware actors have been increasingly targeting unpatched devices.

Bitdefender recommends keeping iPhones up to date at all times as threat actors typically exploit unpatched zero-day flaws to deploy spyware – with little, and sometimes no, input from the victim.

Bitdefender Mobile Security offers powerful protection against cyber threats targeting iOS with minimal impact on device performance and battery life.

Bitdefender Antivirus for Mac offers real-time protection against all desktop-facing threats on macOS, including ransomware.