Apple has issued security updates for macOS, iOS, iPadOS, and WatchOS, to address a zero-day vulnerability affecting older devices running iOS v12.

Tracked as CVE-2022-42856, the zero-day is type confusion issue in the WebKit web browser engine that allows a remote attacker to achieve remote code execution by tricking the victim into visiting a malicious website.

Apple did not share any additional information regarding attacks exploiting the above mentioned flaw, but said it is “aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.”

The security issue affects iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) devices.

Besides CVE-2022-42856, the iPhone maker fixed multiple high-risk vulnerabilities impacting its Safari browser, watchOS, iOS 16 and iPadOS 16, macOS Ventura, macOS Monterey, and macOS Big Sur.