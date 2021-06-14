What you need to know
- Apple has released iOS 12.5.4 to a number of iPhone, iPad, and iPod touch models.
- The update addresses some security issues that may have been actively exploited.
If you have an older iPhone, iPad, or iPod touch, you may want to install the new iOS 12.5.4 software update.
iOS 12.5.4, which has been added to the Apple Security Updates page, is available for the following iPhone, iPad, and iPod touch models:
- iPhone 5s
- iPhone 6
- iPhone 6 Plus
- iPad Air
- iPad mini 2
- iPad mini 3
- iPod touch (6th generation)
Apple says that the update was released in order to address a few security issues that may have been exploited in the wild. One particular update address a memory corruption issue that could cause arbitrary code execution.
You can read all of the details about the security content of iOS 12.5.4 below:
Security
- Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
- Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
- Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code.
- CVE-2021-30737: xerub
WebKit
- Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A memory corruption issue was addressed with improved state management.
- CVE-2021-30761: an anonymous researcher
WebKit
- Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A use after free issue was addressed with improved memory management.
- CVE-2021-30762: an anonymous researcher
Users with the above devices can download the iOS 12.5.4 update now.
