Apple has released iOS 12.5.4 for older iPhones and iPad with security fixes. These security patches fix issues with WebKit that could allow arbitrary code execution through maliciously crafted web content.
Update to iOS 12.5.4 to fix actively exploited security flaws
Although most recent devices are currently on iOS 14, with some devices like iPhone 6s almost 6 years old, there are some older devices that were discontinued with iOS 12 being their last supported version. The following iPhone and iPad models have received this new security patch via iOS 12.5.4:
- iPhone 5s
- iPhone 6
- iPhone 6 Plus
- iPad Air
- iPad mini 2
- iPad mini 3
- iPod touch (6th generation)
Apple explains one of the three security patches as a system-wide issue that could allow arbitrary code execution through a maliciously crafted certificate. While the other two WebKit patches improve issues with memory corruption and memory management, which could allow arbitrary code execution. The WebKit security issues were actively exploited in the wild, therefore it is recommended that iOS 12.5.4 be installed as soon as possible.
These are not the first security patches that Apple has released this year which are targeted towards WebKit across platforms like macOS, watchOS, iOS, and iPadOS. Many of these security flaws have been actively exploited in the wild, which shows that the scale of Apple’s platform is now making it a popular target by hackers.
Below are some of the security flaw patches related to WebKit that have been released this year:
- watchOS 7.4.1 released with fix for another WebKit security flaw
- Apple releases macOS Big Sur 11.3.1 with WebKit security fixes
- Apple releases watchOS 7.3.3 with security fix for WebKit flaw
- Apple seeds macOS Big Sur 11.2.3 update with WebKit security fixes
- watchOS 7.3.2 released with WebKit security fix
- Apple releases iOS 14.4.1 and iPadOS 14.4.1 with WebKit security fix
- iOS 14.4.2 and iPadOS 14.4.2 released with security fix that may have been exploited in the wild
- iOS 14.4 fixes security flaws that might have been actively exploited