Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a critical security flaw that has been actively exploited in the wild.

The shortcoming, tracked as CVE-2022-32893 (CVSS score: 8.8), is an out-of-bounds write issue affecting WebKit that could lead to arbitrary code execution when processing maliciously crafted web content.

WebKit is the browser engine that powers Safari and every other third-party browser available on iOS and iPadOS, meaning a flaw uncovered in the platform poses a security risk to users of Google Chrome, Mozilla Firefox, and Microsoft Edge as well.

The tech giant said it fixed the bug with improved bounds checking. An anonymous researcher has been credited for reporting the vulnerability.

The iOS 12.5.6 update is available for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).

“iOS 12 is not impacted by CVE-2022-32894,” Apple noted in its advisory.

The latest set of patches arrives weeks after the iPhone maker remediated the two flaws in iOS 15.6.1, iPadOS 15.6.1, macOS 12.5.1, and Safari 15.6.1 as part of updates shipped on August 18, 2022.

“Apple is aware of a report that this issue may have been actively exploited,” it acknowledged in a boilerplate statement, although details regarding the nature of the attacks are unknown.

Users of older iOS devices are advised to apply the updates as soon as possible to mitigate potential threats.