iOS 12.5.4 is a security update for devices which could not be updated to iOS 13 and higher.

This update provides important security updates and is recommended for all users.

iOS 12.5.4 release notes

Fixes include:

Security

  • Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
  • Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
  • Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code.
  • CVE-2021-30737: xerub

WebKit

  • Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
  • Description: A memory corruption issue was addressed with improved state management.
  • CVE-2021-30761: an anonymous researcher

WebKit

  • Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
  • Description: A use after free issue was addressed with improved memory management. 
  • CVE-2021-30762: an anonymous researcher

Reference: Apple releases iOS 12.5.4 for older iPhones with ‘important security updates

Apple Security Updates

Recommendations

Developer:

Business as usual.

QA engineer:

Check that apps work correctly.

PM/DM:

Business as usual.

Leave a comment