Apple is urging owners of old iPhones to get this software update right away

Security patch targets ‘maliciously crafted certificate’ and two WebKit vulnerabilities

Vishwam Sankaran
Tuesday 15 June 2021 01:39 EDT
Comments
Apple logo is displayed on an iPhone 6 on July 21, 2015 in San Francisco, California
Apple logo is displayed on an iPhone 6 on July 21, 2015 in San Francisco, California (Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Apple has rolled out a new security update for its older gadgets running on iOS 12 such as the iPhone 5s, iPhone 6, iPhone 6 Plus and iPad Air, to fix a trio of vulnerabilities including some which could lead to memory corruption.

“This update provides important security updates and is recommended for all users,” Apple said in the release notes for the iOS 12.5.4 update.

While most of the devices running on this iOS version were launched in 2013 or 2014 and would be currently six or seven years old, Apple has continued to update them with important security fixes.

Even though these gadgets have not received any new features with the launch of iOS 13, they are still under wide use.

A report by DeviceAtlas says about 8 per cent of iPhone users as of 2020 were still using iPhone 5s, iPhone 6 or iPhone 6 Plus.

According to the tech giant, the new software patch targets a “maliciously crafted certificate” and two WebKit vulnerabilities – which could lead to arbitrary execution of codes by devices.

WebKit is the web browser engine used by Safari as well as other apps on iOS, and in this flagged vulnerability, if users opened a maliciously prepared page, the system could execute illegal code in the background that could open the door to cyber attacks.

“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” the company said in its release notes.

In the other vulnerability, Apple explained that processing a maliciously crafted certificate may lead to arbitrary code execution, adding that it also patched this issue in iOS 14.6.

For the new patch, users can go to Settings > General > Software Update to download and install the update. 

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in