Apple fixes actively exploited iOS zero-day on older iPhones and iPads

Apple has backported security patches that address a remotely exploitable zero-day vulnerability to older iPhones and iPads.

The bug can be identified as and is caused by a type confusion vulnerability in Apple’s WebKit browser engine.

Apple said that the vulnerability, discovered by Clement Lecigne of Google’s Threat Analysis Group, allows maliciously crafted webpages to execute arbitrary code (and possibly gain access to sensitive data) on vulnerable devices.

This flaw can be exploited by attackers who trick their victims into visiting maliciously designed websites.

Once they have achieved arbitrary code execution, they can execute commands on the operating system, install additional spyware or malware payloads, or carry out other malicious activities.

Apple stated in a that it is aware that the security flaw may have been exploited.

The company has addressed the zero-day bug by improving state handling on the following devices: iPhone 5, iPhone 6 Plus and iPhone 6 Plus; iPad Air, iPad mini 2, iPad mini 3; iPod touch (6th generation).

Protect older devices from attacks

Apple acknowledged that active exploitation was reported to it, but the company has yet to release details.

By withholding the information, Apple is likely trying to let as many people as possible patch their devices before attackers get access to the zero-day's details and begin deploying exploits targeted at vulnerable iPhones or iPads.

Although this vulnerability was likely used only in targeted attacks, we strongly recommend that you install the security updates today to block any attack attempts.

CISA included the zero-day on its list of exploited vulnerabilities. This required Federal Civilian Executive Branch (FCEB) agencies to fix it in order to protect them against “active threats.”

Apple has also fixed in Safari and the latest macOS and iOS versions.