Skip to content

Apple releases iOS 12.5.5 with security patches for iPhone 5s, iPhone 6, and other older handsets

2021 September 24
by RSS Feed

In a somewhat unexpected move, Apple on Thursday released iOS 12.5.5, a small firmware update for older iPhones, iPads, and iPod touches that are incapable of running iOS or iPadOS 13 and later.

According to Apple, iOS 12.5.5 addresses security flaws that are present in iOS 12.5.4 and earlier and is recommended for all handsets capable of installing it.

Installing iOS 12.5.5 on supported devices should help ensure that the device’s data can’t be compromised by malicious hackers via the aforementioned security flaws.

Speaking of supported devices, those include, but may not be limited to:

  • iPhone 5s
  • iPhone 6
  • iPhone 6 Plus
  • iPad Air 1
  • iPad mini 2
  • iPad mini 3
  • iPod touch 6th generation

While it’s unusual for Apple to release updates to several-year-old versions of iOS and/or iPadOS, it’s not unheard of. Apple sometimes continues to ensure the security of legacy handsets if the risk to users is great enough to warrant attention.

In this case, it seems that one of the security holes relates to the zero-click exploit that may have been used by malicious hackers amid the Pegasus spyware incident. This same exploit was just patched in the previous released iOS & iPadOS 14.8 updates for newer handsets.

According to the security content of the iOS 12.5.5 update, it addresses the following issues:

CoreGraphics

Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: An integer overflow was addressed with improved input validation.

CVE-2021-30860: The Citizen Lab

WebKit

Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30858: an anonymous researcher

XNU

Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.

Description: A type confusion issue was addressed with improved state handling.

CVE-2021-30869: Erye Hernandez of Google Threat Analysis Group, Clément Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero

Newer devices that are already running iOS or iPadOS 13 or later need not concern themselves with iOS 12.5.5; this includes the iPhone 7 and later.

Do you have an older device capable of installing iOS 12.5.5 that need to be dusted off for this new update? Let us know in the comments section down below.

Source link: https://www.idownloadblog.com/2021/09/23/apple-releases-ios-12-5-5-with-security-patches-for-iphone-5s-iphone-6-and-other-older-handsets/

Leave a Reply

Note: You may use basic HTML in your comments. Your email address will not be published.

Subscribe to this comment feed via RSS