 |
| Apple asks users of older iPhones to update |
Apple has rolled out new security updates for older iOS 12 devices such as the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).
This fixes three vulnerabilities, one of which, CVE-2021-30737, can corrupt the memory of the ASN.1 decoder.
In the iOS 12.5.4 release notes, Apple said: This update provides important security updates and is recommended for all users.
Although most devices running this version of iOS were released in 2013 or 2014 and are currently six or seven years old, Apple continues to update them and bring important security fixes.
These devices did not get any new features with the release of iOS 13. However, they are still widely used.
According to a report by DeviceAtlas, about 8% of iPhone users will still use the iPhone 5s, iPhone 6, or iPhone 6 Plus in 2020.
According to the tech giant, the new patch targets malicious certificate and WebKit vulnerabilities. This can cause the device to execute arbitrary code.
WebKit is the web browser engine used by Safari and other apps on iOS.
In the case of the reported vulnerability, if a user opened a malicious page, the system could run illegal code in the background which could open the door to network attacks.
Apple requests updates:
The company said in its release notes that processing malicious web content can lead to arbitrary code execution. Apple has been informed of a report that the issue is being actively exploited.
In another vulnerability, Apple stated that managing malicious certificates could lead to arbitrary code execution. Added that this issue is also fixed in iOS 14.6.
Both CVE-2021-30761 and CVE-2021-30762 were anonymously reported to Apple.
The Cupertino-based company said in its announcement that it was aware of reports that these vulnerabilities may have been actively exploited.
In general, Apple does not provide detailed information about the type of attack, the victim of the attack, or the potential risk of abuse.
This decision reflects a similar fix that Apple introduced on May 3 to address a WebKit buffer overflow issue for the same hardware series (CVE-2021-30666).
In addition, users of Apple devices are recommended to update to the latest version to reduce the risk of security breaches.