Apple releases security patches for iOS flaw on older iPhones and iPads

Apple, which credited an anonymous researcher with the discovery, said it is aware of a report that the flaw ‘may have been actively exploited’.

Apple has released updates for older iPhone and iPad devices running on iOS 12 to patch a vulnerability that can allow hackers to take control of the device.

Users of iPhone 5S, iPhone 6, iPhone 5 Plus, iPad Air, iPad mini 2, iPad mini 3 and iPod touch (6th generation) are now advised to update to iOS 12.5.6 to protect their devices.

The software giant posted a document yesterday (31 August) describing the flaw in which “an out-of-bounds write issue was addressed with improved bounds checking”.

The patches were backported from a previous update two weeks ago that addressed similar issues on iPhone 6S and later models, all iPod Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later and iPod touch (7th generation).

Discovered in WebKit, the browser engine used by Safari and other apps that can access the web, the iOS 12 vulnerability may allow hackers to execute arbitrary code on devices that access malicious websites.

This means that a hacker can use arbitrary code execution to try to achieve administrator control of a device.

Apple said that it is aware of a report that this issue “may have been actively exploited”. It credited an anonymous researcher with the discovery of the flaw.

Older devices running on iOS 12 were not affected by a second vulnerability that affected the kernel of newer models’ operating systems. The kernel is a core component of any OS and runs with the highest privileges, so this flaw could have given hackers the ability to execute any commands and effectively take control of the device.

These types of vulnerabilities have been exploited by malicious actors in the past, notably with the use of Pegasus spyware. Last September, Apple issued an urgent update to address a security flaw that could be exploited to infect iOS devices with the spyware.

While everyone using older devices on iOS 12 should update their devices immediately, obvious targets of hackers using sophisticated spyware, such as politicians, activists and journalists, should prioritise the latest updates.
