Apple releases iOS 12.5.5 for older iPhones incompatible with iOS 15

Posted:
in iOS
iOS 12.5.5 has been released with security updates that address bugs dealing with PDFs, web content, and malicious app code execution.

Apple released iOS 12.5.5 for older iPhones
Apple released iOS 12.5.5 for older iPhones


This is the first update to iOS 12 since June, when Apple patched an issue that enabled maliciously crafted web content to execute code. The iOS 12.5.5 update addresses similar issues pertaining to maliciously crafted PDFs, web content, and apps.

The security update notes read as follows:

CoreGraphics

Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: An integer overflow was addressed with improved input validation.

CVE-2021-30860: The Citizen Lab

WebKit

Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30858: an anonymous researcher

XNU

Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.

Description: A type confusion issue was addressed with improved state handling.

CVE-2021-30869: Erye Hernandez of Google Threat Analysis Group, Clement Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero

Owners of the iPhone 6 or earlier will be alerted that an update is available. Navigate to the Settings app, General, then select Software Update to install iOS 12.5.5.

Read on AppleInsider

Comments

  • Reply 1 of 6
    It’s irritating that this isn’t offered to users still on iOS 12 who DON’T want iOS 15 (yet or ever).
    OctoMonkey
  • Reply 2 of 6
    mike1mike1 Posts: 2,781member
    dysamoria said:
    It’s irritating that this isn’t offered to users still on iOS 12 who DON’T want iOS 15 (yet or ever).

    Pretty sure this was also part of the 14.8 update that was released along with iOS15.
  • Reply 3 of 6
    dysamoria said:
    It’s irritating that this isn’t offered to users still on iOS 12 who DON’T want iOS 15 (yet or ever).
    A very bizarre statement
    dewmeStrangeDays
  • Reply 4 of 6
    dysamoria said:
    It’s irritating that this isn’t offered to users still on iOS 12 who DON’T want iOS 15 (yet or ever).
    Story states Apple releases iOS 12.5.5.  So you are in luck,this update applies to your phone.
  • Reply 5 of 6
    It is pretty amazing to be getting a security update for my iPad mini 2.
  • Reply 6 of 6
    loopless said:
    dysamoria said:
    It’s irritating that this isn’t offered to users still on iOS 12 who DON’T want iOS 15 (yet or ever).
    A very bizarre statement

    I believe what the OP is lamenting is that the Software Update mechanism will by default only offer 12.5.5 to devices whose support ended with iOS 12.

    On a device that supports newer versions of iOS, it will be prompted to update straight to the latest version, currently iOS 15, which supports all the devices that weren't cut off at iOS 12.  Not 12.5.5, so a user who has purposely kept their device on iOS 12 cannot apply the latest 12.x patch, and is only given the option to go to all the way to 15.

    A potential workaround is to obtain the appropriate 12.5.5 ipsw payload file, and perform a manual restoration with iTunes.  But that method, which some used to downgrade iOS after finding an update not to the liking, only remains viable as long as the older version remains signed by Apple.
    muthuk_vanalingam
Sign In or Register to comment.