Apple on Monday released iOS 12.5.4 and iPadOS 12.5.4 updates, which provide security fixes for older iPhone and iPad devices that are not compatible with iOS 14.
The iOS 12.5.4 and iPadOS 12.5.4 updates can be downloaded for free and the software can be installed on all eligible devices over the air via the Settings app. To access the new software, go to Settings -> General -> Software Update.
iOS 12.5.4 provides important security updates and is recommended for all users. Apple often releases security updates for older devices that are no longer able to run the current version of iOS. The updates keep users of older devices protected from malware and other security vulnerabilities.
Apple’s security support document says that the update addresses the following three vulnerabilities:
Security
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code.
CVE-2021-30737: xerub
WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30761: an anonymous researcher
WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A use after free issue was addressed with improved memory management.
CVE-2021-30762: an anonymous researcher