Sept 1 – Apple announced the release of a rare security update for older iPhones and iPads stuck on iOS 12, an operating system that received its last security update almost a year ago. The new iOS 12.5.6 update patches a single bug that hackers could exploit to enact arbitrary code execution through ‘maliciously crafted web content’.
iOS 12.5.6 is available for all devices that operate iOS 12 but that cannot be updated to a newer version of iOS or iPadOS. Devices in this group include the iPhone 5S, iPhone 6 and 6 Plus, the original iPad Air, the iPad mini 2 and iPad mini 3, along with the 6th-generation iPod Touch.
The zero day
The latest update pertains to the same ‘actively exploited’ zero day WebKit vulnerability that Apple patched in newer iOS and macOS versions several weeks ago. The time gap was not ideal, but given the dwindling usage share of iOS 12, the delay may have been justified.
In the past, Apple has released minor updates for old, unsupported iDevices when something serious has arisen. Both iOS 9 and iOS 10 were updated after their expiration dates in order to resolve a GPS bug in 2019, for example. The same iOS 12 devices referred to earlier continued to receive security updates for several years.
Should you own an iPhone 5S or an iPad Air that you use as a Netflix screen or for some other highly specific task, ensure that you install the latest update.