KEY POINTS

  • Apple rolled out a new update for older devices
  • The iOS update 12.5.4 does not come with new features
  • It only fixes major security flaws

Users of older iOS devices should immediately download the latest update, iOS 12.5.4, following Apple's most recent warning over security and safety concerns.

Cupertino-based tech giant Apple rolled out the iOS 12.5.4 update on June 14. The update doesn't come with new features, but it's mainly for the protection of users, particularly those with older devices.

The update is available for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) devices.

Some consumers don't want to update their iOS devices because they worry that their gadgets will be out of commission for a long time. However, for consumers updating from iOS 12.5.3 to 12.5.4, the download and update would only take between 8 and 10 minutes.

Apple Security Chief Tom Moyer has worked for the tech giant for 14 years, his lawyer said AFP / PATRICK KOVARIK

Apple did not disclose the details on how the latest iOS 12.5.4 security update would affect customers' protection. In the company's security bulletin, however, it mentioned that the update patches two major security flaws related to the Safari browser. Specifically, the flaws are in the page-rendering engine called WebKit.

According to Tom's Guide, both security flaws are zero-day ones since hackers may have used them on iPhone users. Apple listed the security flaw CVE-2021-30761 in its security bulletin, which entails WebKit memory corruption. The other flaw is CVE-2021-30762, which allows threat actors to plant malicious code in WebKit's memory space after the engine frees up some memory.

These security flaws were previously uncovered by an anonymous researcher, according to Apple. When left unpatched, these vulnerabilities can allow maliciously crafted web content to run code on an iOS device, the tech giant revealed. To put it simply, these security flaws can let a website install and run malware on an iOS device without the owner's knowledge.

Apple also talked about another flaw, CVE-2021-30737, in its security bulletin. This particular flaw, which doesn't seem to have been used in active attacks, involves memory corruption in ASN.1 software that devices use to encrypt and decrypt secure communications.