Apple has released an iOS 12.5.4 security update for older devices that patches three vulnerabilities -- two of which may have been exploited in the wild.
iOS 12.5.4 security update released
Apple releases security-focused updates for older devices to fix any number of problems found in the software. Older devices may be incapable of receiving new features associated with recent releases, but these updates keep users of those devices safe.
The company's security website says that there are two WebKit vulnerabilities and a certificate vulnerability that have been patched. Apple says that the WebKit vulnerabilities may have been actively exploited in the wild.
Release notes read as follows:
Security
- Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
- Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code.
- CVE-2021-30737: xerub
WebKit
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A memory corruption issue was addressed with improved state management.
- CVE-2021-30761: an anonymous researcher
WebKit
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A use after free issue was addressed with improved memory management.
- CVE-2021-30762: an anonymous researcher
The update is available for iPhone 5s, iPhone 6, iPhone 6s Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).
Users can install these updates by navigating to Settings, General, then Software Update. Connect the iPhone or iPad to power then tap install to complete the update.
Keep up with everything Apple in the weekly AppleInsider Podcast -- and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too. If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player. AppleInsider is also bringing you the best Apple-related deals for Amazon Prime Day 2021. There are bargains before, during, and even after Prime Day on June 21 and 22 -- with every deal at your fingertips throughout the event.