Apple released an out-of-band iOS update ( iOS 12.5.4 patch) for older iPhones and iPad, the IT giant also warned that some vulnerabilities affecting its WebKit may have been actively exploited.
WebKit is a browser engine developed by Apple and primarily used in its Safari web browser, as well as all iOS web browsers.
Apple did not share details of the attacks that targeted older models of Apple iPhone devices.
The iOS 12.5.4 patch addressed at least three vulnerabilities that could be exploited by threat actors to execute arbitrary code on vulnerable devices.
Two of the addressed issues, tracked CVE-2021-30761 and CVE-2021-30762, are memory corruption and use-after-free issues respectively and reside in the WebKit rendering engine. The two flaws could be exploited by tricking owners of devices running iOS 12 into visiting specially crafted web content.
“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” reads the security advisory published by Apple.
The iOS 12.5.4 fixes the flaws in iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). Both issues were reported by an anonymous researcher.
The iOS 12.5.4 also addressed a memory corruption issue in the ASN.1 decoder tracked as CVE-2021-30737. The flaw can be exploited by processing a maliciously crafted certificate to lead to arbitrary code execution.
(SecurityAffairs – hacking, iPhones)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.