Old iPhones and iPads stuck on iOS 12 get a patch for a serious security hole

Enlarge / Older iPhones and iPads running iOS 12.

Apple is releasing a rare security update for older iPhones and iPads stuck on iOS 12, an operating system that received its last security update nearly a year ago. The iOS 12.5.6 update patches a single “actively exploited” WebKit bug that could allow arbitrary code execution if a user encounters “maliciously crafted web content” on their device.

iOS 12.5.6 is available for all devices that can run iOS 12 but can’t be updated to a newer release of iOS or iPadOS. That list includes the iPhone 5S, iPhone 6 and 6 Plus, the original iPad Air, the iPad mini 2 and iPad mini 3, and the 6th-generation iPod Touch.

This is the same “actively exploited” zero-day WebKit vulnerability that Apple patched in newer iOS and macOS versions a couple of weeks ago—not an ideal time gap for an actively exploited bug, but it was probably justified by the age and dwindling usage share of iOS 12 (as of this writing, Apple’s developer site says that about 4 percent of actively used iPhones and 10 percent of actively used iPads run a version older than iOS/iPadOS 14). Apple says that iOS 12 devices aren’t affected by the kernel vulnerability that was also patched by that earlier update.

It’s not totally unheard of for Apple to release minor updates for old, unsupported iDevices when something serious comes up; both iOS 9 and iOS 10 were updated long after their expiration dates to fix a GPS bug back in 2019, for example. These same iOS 12 devices received security updates for nearly two years after being dropped by iOS 13. If you still have an iPhone 5S or iPad Air that you use as a Netflix screen or for some other specialized task, make sure you grab the new update .

Leave a Comment

Your email address will not be published.