In a somewhat unexpected move, Apple on Thursday released iOS 12.5.5, a small firmware update for older iPhones, iPads, and iPod touches that are incapable of running iOS or iPadOS 13 and later.
According to Apple, iOS 12.5.5 addresses security flaws that are present in iOS 12.5.4 and earlier and is recommended for all handsets capable of installing it.
Installing iOS 12.5.5 on supported devices should help ensure that the device’s data can’t be compromised by malicious hackers via the aforementioned security flaws.
Speaking of supported devices, those include, but may not be limited to:
- iPhone 5s
- iPhone 6
- iPhone 6 Plus
- iPad Air 1
- iPad mini 2
- iPad mini 3
- iPod touch 6th generation
While it’s unusual for Apple to release updates to several-year-old versions of iOS and/or iPadOS, it’s not unheard of. Apple sometimes continues to ensure the security of legacy handsets if the risk to users is great enough to warrant attention.
In this case, it seems that one of the security holes relates to the zero-click exploit that may have been used by malicious hackers amid the Pegasus spyware incident. This same exploit was just patched in the previous released iOS & iPadOS 14.8 updates for newer handsets.
According to the security content of the iOS 12.5.5 update, it addresses the following issues:
CoreGraphics
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: An integer overflow was addressed with improved input validation.
CVE-2021-30860: The Citizen Lab
WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A use after free issue was addressed with improved memory management.
CVE-2021-30858: an anonymous researcher
XNU
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.
Description: A type confusion issue was addressed with improved state handling.
CVE-2021-30869: Erye Hernandez of Google Threat Analysis Group, Clément Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero
Newer devices that are already running iOS or iPadOS 13 or later need not concern themselves with iOS 12.5.5; this includes the iPhone 7 and later.
Do you have an older device capable of installing iOS 12.5.5 that need to be dusted off for this new update? Let us know in the comments section down below.