iOS 12.5.5 has been released with security updates that address bugs dealing with PDFs, web content, and malicious app code execution.
Apple released iOS 12.5.5 for older iPhones This is the first update to iOS 12 since June, when Apple patched an issue that enabled maliciously crafted web content to execute code. The iOS 12.5.5 update addresses similar issues pertaining to maliciously crafted PDFs, web content, and apps.
The security update notes read as follows:
CoreGraphics
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: An integer overflow was addressed with improved input validation. CVE-2021-30860: The Citizen Lab WebKit Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management. CVE-2021-30858: an anonymous researcher XNU Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A type confusion issue was addressed with improved state handling. CVE-2021-30869: Erye Hernandez of Google Threat Analysis Group, Clement Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero Owners of the iPhone 6 or earlier will be alerted that an update is available. Navigate to the Settings app, General, then select Software Update to install iOS 12.5.5.
Apple releases iOS 12.5.5 for older iPhones incompatible with iOS 15