Critical update for older iPhones

Read Time:1 Minute, 39 Second

Apple delivers critical update for older iPhones, but not iOS 14 devices

Setting

It’s rare for Apple to deliver updates for devices that aren’t running the latest version of its iOS and iPadOS systems. So when this is the case, it is better to take it into account. And the iOS 12.5.4 version delivered last week definitely falls into the critical category. For iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation), this update resolves vulnerabilities in WebKit that have been exploited in the wild.

Security

Result : Processing a maliciously tampered certificate may lead to the execution of arbitrary code.

Description : A memory corruption issue in the ASN.1 decoder has been fixed by removing the vulnerable code.

The vulnerability referenced CVE-2021-30737 was reported by xerub.

WebKit

Result : Processing malicious web content may lead to arbitrary code execution. According to a report that Apple is aware of, it is possible that this vulnerability has been actively exploited.

Description : A memory corruption issue has been fixed with better state handling.

The vulnerability referenced CVE-2021-30761 was reported by an anonymous researcher.

WebKit

Result : Processing maliciously crafted web content may lead to arbitrary code execution. According to a report that Apple is aware of, it is possible that this vulnerability has been actively exploited.

Description : A use-after-free issue was addressed with better memory management.

The vulnerability referenced CVE-2021-30762 was reported by an anonymous researcher.

The CVE-2021-30737 vulnerability was fixed for iOS 14 users in the iOS 14.6 update released in May. On the other hand, the two other patches for the vulnerabilities affecting WebKit will probably be added to version 14.7 of iOS, currently in beta phase. Generally, Apple releases its software updates in similar time frames, which could indicate the imminent release of iOS 14.7. But for now, these two WebKit vulnerabilities are not patched and remain exploitable.

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %
Hycu Launches Its Msp Protg Program Previous post Hycu launches its MSP Protg program
Supply Chain Attacks Cost Businesses More Next post Supply chain attacks cost businesses more