Apple, iOS 12.5.5, Security, Updates

Apple releases iOS 12.5.5 for older iPhones and iPads with important security fixes

A new iOS 12.5.5 version is out for iPhones and iPads that are incompatible with the iOS 15 and iPadOS 15. The update according to the security notes fixes vulnerabilities affecting the CoreGraphics, WebKit, and XNU Kernel in the iOS. This new update comes in after the release of a security vulnerability fix in the form of iOS 12.5.4 back in June.

We urge all users rocking older devices to update immediately by going to Settings > General > Software Update. Apple‘s security notes are detailed below for your reference. Going through the notes, we can confirm there is a patch to block out the harmful Pegasus Zero-Click exploit which was recently patched for iOS 14 users.

RELATED: iOS 15 and iPadOS 15 is now available to all: How to update and more

iOS 12.5.5 security notes

CoreGraphics

  • Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
  • Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
  • Description: An integer overflow was addressed with improved input validation.
  • CVE-2021-30860: The Citizen Lab

WebKit

  • Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
  • Description: A use after free issue was addressed with improved memory management.
  • CVE-2021-30858: an anonymous researcher
See also  Why Apple needs to discontinue the iPod touch, HomePod is no more

XNU

  • Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
  • Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.
  • Description: A type confusion issue was addressed with improved state handling.
  • CVE-2021-30869: Erye Hernandez of Google Threat Analysis Group, Clément Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero

Apple iOS Software Update Previous ArticleiOS 15.1 Beta 1 is here: Whats new? Next Article iPhone 13 Pro Max has support for up to a peak 27W charging

Leave a Comment