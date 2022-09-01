iOS 12.5.6 update for iPhone 5s, 6 and 6 Plus fixes a critical security issue

Apple has released a new update for the iPhone 5s, 6 and 6 Plus, and a couple of older iPads. The iOS 12.5.6 update contains a security fix for a critical issue.

iOS 12.5.6 update fixes a security issue in older iPhones and iPads

A support page on the Cupertino company's website describes the issue as follows: "Processing maliciously crafted web content may lead to arbitrary code execution." In other words, the bug could have allowed attackers to execute malicious code in apps; for example, it may allow a website to run a malware script. Since the issue is in the WebKit engine, it impacts not only Safari but also all apps that rely on it, especially other web browsers.

The issue has been filed under 243557 at WebKit Bugzilla. The vulnerability was an out-of-bounds write issue, which Apple has addressed with improved bounds checking.

The release notes published by Apple indicate that the vulnerability may have been exploited by a threat actor, though they don't go into further detail. This might explain why the company jumped to fix the bug on old phones, to prevent more users from being impacted by the issue.

The security issue has the reference number CVE-2022-32893. The number and the description of the bug might sound similar to the one referenced in our previous article; that's because it is the same one. To recall, the company rolled out an update last month to fix a couple of security issues in iOS 15.6.1, iPadOS 15.6.1 and macOS Monterey 12.5.1. However, Apple has confirmed that devices running iOS 12 are not affected by the second exploit, referred to in CVE-2022-32894.

Devices that are eligible for the iOS 12.5.6 update

The iOS 12.5.6 update is available for the following devices: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch 6th gen. 9to5Mac notes that the build number of the firmware is 16H71.

The electronics giant dropped feature support for the devices when it released iOS 13. Apple released the final iOS 12 update for these devices in September 2021, but continued to provide security fixes when they were available. For example, the iPhone 5s was announced 9 years ago, in September 2013, but it still receives security updates. It's good to see a company offering long-term support for older devices, which is one of the reasons why some people hang on to their iPhones for many years. Now, if only Apple allowed updating system apps like Mail and iMessage without requiring iOS updates, that would be fantastic.

Nevertheless, Android OEMs can learn a thing or two from Apple's software support policy. Samsung provides 4 years of OS updates and 5 years of security updates for its flagship phones. Likewise, Google supports 5 years of security updates for its newer Pixel phones. The rest of the crowd isn't very impressive; some companies provide just a year of updates before ending software support for the device completely.

Apple is set to announce the iPhone 14 lineup on September 7th. It will release the iOS 16 update a week later, around September 16th.

Do you use an old iPhone that no longer receives OS updates?

