iOS 12.5.5 has been released with security updates that address bugs dealing with PDFs, web content, and malicious app code execution.
This is the first update to iOS 12 since June, when Apple patched an issue that enabled maliciously crafted web content to execute code. The iOS 12.5.5 update addresses similar issues pertaining to maliciously crafted PDFs, web content, and apps.
The security update notes read as follows:
CoreGraphics
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: An integer overflow was addressed with improved input validation.
CVE-2021-30860: The Citizen Lab
WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A use after free issue was addressed with improved memory management.
CVE-2021-30858: an anonymous researcher
XNU
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.
Description: A type confusion issue was addressed with improved state handling.
CVE-2021-30869: Erye Hernandez of Google Threat Analysis Group, Clement Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero
Owners of the iPhone 6 or earlier will be alerted that an update is available. Navigate to the Settings app, General, then select Software Update to install iOS 12.5.5.
6 Comments
It’s irritating that this isn’t offered to users still on iOS 12 who DON’T want iOS 15 (yet or ever).
It is pretty amazing to be getting a security update for my iPad mini 2.