Today an update for iOS was released for both iPhone and iPad, and alongside it, some real fixes. This update patches vulnerabilities and security problems of several sorts, mainly for devices released before the iPhone 7 – that is, before the year 2016. If you’ve got an iPhone or iPad newer than this, it’s still important to check for updates, especially security updates, but you’re probably fine for now.
In iOS 12.5.5, users will find fixes for vulnerabilities in CoreGraphics, WebKit, and XNU. For XNU, a vulnerability was discovered that allowed a malicious application to execute arbitrary code with kernel privileges. Apple noted that they were aware of reports that “an exploit for this issue exists in the wild,” but didn’t say that said vulnerability was actively exploited.
For WebKit, a bit of “maliciously crafted web content” could potentially cause arbitrary code execution. This vulnerability is different from the XNU-related issue, as Apple suggests they were aware of a report that this WebKit issue “may have been actively exploited.”
The CoreGraphics issue in this release was triggered by processing a maliciously crafted PDF. This vulnerability had the potential to lead to arbitrary code execution via said maliciously crafted PDF. The fix addressed an integer overflow with improved input validation.
The CoreGraphics issue was submitted by The Citizen Lab, and the WebKit issue by an anonymous researcher. The XNU issue was submitted by Clément Lecigne of Google Threat Analysis Group, Erye Hernandez of Google Threat Analysis Group, and Ian Beer of Google Project Zero.
This update is important for iPhone 5s, 6 and 6 Plus, iPad Air (gen 1), iPad mini 2, iPad mini 3, and 6th-gen iPod touch. You can download this software update by opening Settings – General – Software Update. If this software update isn’t yet available to you, you’ll likely have access by the top of the week – hopefully, sooner!