If you have an older iOS device, this is going to come in handy.
Apple on Monday released an iOS 12.5.4 security update for older iOS devices that patches three vulnerabilities, two of which may have already been exploited in the wild.
The fixes focus on two WebKit vulnerabilities alongside a certificate vulnerability.
The release notes are as follows:
Security
• Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
• Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code.
• CVE-2021-30737: xerub
WebKit
• Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
• Description: A memory corruption issue was addressed with improved state management.
• CVE-2021-30761: an anonymous researcher
WebKit
• Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
• Description: A use after free issue was addressed with improved memory management.
• CVE-2021-30762: an anonymous researcher
The update is available for iPhone 5s, iPhone 6, iPhone 6s Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).
Users can install these updates by navigating to Settings, General, then Software Update. Connect the iPhone or iPad to power then tap install to complete the update.
Stay tuned for additional details as they become available.
Via AppleInsider and support.apple.com