Even though this zero-day was most likely only used in targeted attacks, it’s strongly suggested to patch even older devices as soon as possible to block potential attack attempts. The impacted devices include iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). Apple disclosed the security flaw “may have been actively exploited” in the wild but is yet to release info regarding these attacks. CISA also added this zero-day to its catalog of known exploited vulnerabilities on October 25, which requires Federal Civilian Executive Branch (FCEB) agencies to patch it to protect “against active threats.”
https://www.bleepingcomputer.com/news/security/apple-fixes-recently-disclosed-zero-day-on-older-iphones-ipads/
