2 min read

Got an Older iPhone? Install This Security Patch Now!

Filip TRUȚĂ

September 01, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Got an Older iPhone? Install This Security Patch Now!

Apple this week rolled out an important, out-of-band patch for older iPhones and iPads, addressing a zero-day vulnerability that hackers are said to be actively exploiting.

Last month, the California tech giant issued urgent fixes for two security holes in iOS and macOS, warning that criminals might be abusing the flaws to steal people’s data.

Of particular importance was a flaw in Apple’s WebKit engine shared by all apps capable of displaying web content, including third-party apps.

A one-click threat

Tracked as CVE-2022-32894, the vulnerability is described as an out-of-bounds write issue that can be exploited remotely by getting the target to access a malicious website - in other words, a one-click affair that can theoretically let a criminal take over the target device, access the victim’s data, spy on the victim, etc.

While most iDevices in circulation were offered a patch against this threat, older device models remained vulnerable.

That’s why Apple is now rolling out iOS 12.5.6 to anyone still using an iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).

Any attacks are likely highly targeted. But the threat is real, as Apple claims it is “aware of a report that this issue may have been actively exploited.”

On your device, visit Settings -> General -> Software Update and download and install the patch.

iOS and spyware

Last month, Bitdefender published a story on obsolete iDevices, warning that keeping iPhones updated and patched has become critical in recent years, as spyware threats increasingly find their way onto vulnerable devices – with little, or sometimes no, input from the victim.

Bitdefender also noted at the time that Apple customers should consider migrating to the newest iOS version eligible for their device, or upgrade their hardware altogether, to receive official security support from the mothership.

Leaked documents reportedly emerged last week on Twitter allegedly showing how an Israeli spyware vendor named Intellexa cashed in on 8 million euros after selling a full suite of services around a zero-day affecting both Android and iOS ecosystems.

Apple for the past year has been busy cracking down on spyware, going as far as to sue one of the more notorious spyware vendors, NSO Group, which is also based in Israel.

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

BBB Warns Social Security Beneficiaries of Cost of Living Adjustment Scams BBB Warns Social Security Beneficiaries of Cost of Living Adjustment Scams
Alina BÎZGĂ

February 01, 2023

2 min read
Planet Ice hacked! 240,000 skating fans' details stolen Planet Ice hacked! 240,000 skating fans' details stolen
Graham CLULEY

January 31, 2023

2 min read
QNAP Rolls Out Urgent Patch to Fix SQL Injection Flaw in NAS Devices QNAP Rolls Out Urgent Patch to Fix SQL Injection Flaw in NAS Devices
Filip TRUȚĂ

January 31, 2023

1 min read