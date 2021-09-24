Apple has sent out operating system updates to older devices. Seven devices of the company received the new iOS 12.5.5: iPhone 5s, iPhone 6 and 6 Plus, iPad Air (1st Gen), iPad mini 2 and mini 3, as well as iPod Touch (6th Gen). All of these devices were shown before 2016.

The update contains fixes for vulnerabilities related to XNU, WebKit and CoreGraphics. Apple does not say whether the vulnerabilities were exploited by anyone. However, an exploit for XNU, for example, does exist. All three vulnerabilities allow code to be executed with kernel privilege.

The only difference is in what means the code could have been executed. If the XNU vulnerability allowed code to be executed by launching a specific application, then for the same action in WebKit it was necessary to “maliciously create web content”. What kind of web content is this is not reported.

But the CoreGraphics vulnerability allowed code to run by processing a malicious PDF file.

In fact, attackers using these vulnerabilities could gain administrator rights on your device. This can lead to the loss of data, as well as money, if suddenly cards and banking applications are tied to the smartphone.

To update all seven devices, you need to go along the path: “Settings” → “General” → “Software update”.