iOS 12.5.4 Brings Security Updates to Older Apple Devices

Addressing vulnerabilities from WebKit and memory corruption

Older Apple devices have received a new security update that fixes a number of exploitable issues that would leave users open to malicious commands.

According to Apple, a new update for older model Apple devices removes some code from the ASN.1 decoder, which was causing a memory corruption issue that could be exploited by "processing a maliciously crafted certificate."

This means that someone could use or alter a set of user credentials in order to trick the system into running other commands, like opening or downloading malicious content without the user's knowledge or consent.

One of the weaknesses in WebKit is similar to the ASN.1 decoder problem in that it involves memory corruption, though instead of a decoder exploit, it was possible for malicious web content to run commands. Apple goes on to acknowledge that this particular exploit may have been actively used in the past, before the update.

The second WebKit issue also allowed web content to execute commands, but was tied to a use-after-free (UAF) vulnerability.

UAF refers to a program accessing memory after it has already been freed, through a pointer that still holds the old address even though that memory may since have been handed to something else. This can lead to memory corruption and malicious command execution, and can even allow code to be run remotely.

The iOS 12.5.4 update is available for the iPhone 5s, iPhone 6, iPhone 6 Plus, iPod Touch, iPad Mini 2, iPad Mini 3, and iPad Air, and addresses security vulnerabilities from memory corruption and WebKit.

Apple urges those who can download the update to do so, as it closes a few significant openings—some of which have likely been previously exploited.
