Apple on Monday released iOS 12.5.4 for older iPhone, iPad and iPod touch users, with the software fixing numerous security issues.
According to Apple’s security release notes, the iOS 12.5.4 update addresses security fixes for the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).
One security issue says it was possible for “processing a maliciously crafted certificate may lead to arbitrary code execution.”
Apple says “a memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code,” as discovered by “xerub”.
Two other security fixes are for WebKit for the devices above, noting a vulnerability allowed for “processing maliciously crafted web content may lead to arbitrary code execution.”
According to Apple, it is “aware of a report that this issue may have been actively exploited.”
These two WebKit exploits were discovered and submitted to Apple by an anonymous researcher.
- iOS 12.5.4 (beta) (Build 16H6050 and 16H50) for:
- iPad Air (Wi-Fi) (iPad4,1)
- iPad Air (Cellular) (iPad4,2)
- iPad Air (China) (iPad4,3)
- iPad mini 2 (Wi-Fi) (iPad4,4)
- iPad mini 2 (Cellular) (iPad4,5)
- iPad mini 2 (China) (iPad4,6)
- iPad mini 3 (Wi-Fi) (iPad4,7)
- iPad mini 3 (Cellular) (iPad4,8)
- iPad mini 3 (China) (iPad4,9)
- iPhone 5s (GSM/LTE) (iPhone6,1)
- iPhone 5s (CDMA/LTE) (iPhone6,2)
- iPhone 6 Plus (iPhone7,1)
- iPhone 6 (iPhone7,2)
- iPod touch 6G (iPod7,1)