Apple Releases Rare iOS 12 Update to Fix Zero-Day WebKit Vulnerability

Apple is releasing a rare security update for older iPhones and iPads stuck on iOS 12, an operating system that received its last security update nearly a year ago. The iOS 12.5.6 update fixes a single “actively exploited”WebKit bug that could allow arbitrary code execution if a user encounters “maliciously generated web content”on their device.

iOS 12.5.6 is available for all devices that can run iOS 12 but can’t upgrade to a newer version of iOS or iPadOS. This list includes the iPhone 5S, iPhone 6 and 6 Plus, the original iPad Air, iPad mini 2 and iPad mini 3, and the 6th generation iPod Touch.

This is the same “highly exploited”WebKit zero-day vulnerability that Apple patched in newer versions of iOS and macOS a couple of weeks ago – not an ideal timeframe for a actively exploited bug, but it was probably justified by age and declining usage. share of iOS 12 (at the time of this writing, Apple’s developer site says that about 4 percent of actively used iPhones and 10 percent of actively used iPads are running a version older than iOS/iPadOS 14). Apple says that iOS 12 devices are not affected by the kernel vulnerability, which was also fixed in this earlier update.

It’s not uncommon for Apple to release minor updates to older, unsupported iDevices when something major comes up; both iOS 9 and iOS 10 were updated well after their expiration date in order to fix the GPS bug, for example, back in 2019. These same iOS 12 devices received security updates for almost two years after they were removed by iOS 13. If you still have an iPhone 5S or iPad Air that you use as a Netflix screen or some other specialized task, make sure that you have installed the new update.

CDN CTB