PSA | Apple Releases Critical iOS 12.5.5 Update for Older iPhones

Even though iOS 15 can still be installed on every iPhone released in the past six years — and every new iPhone sold by Apple since early 2017 — the company is also continuing to support even older iPhone models, with important iOS updates for devices as far back as the 2013 iPhone 5s and iPad mini 2.

Last Monday, Apple released an iOS 14.8 update that was so critical that the company wasn’t even willing to wait for the impending public release of iOS 15. Now it appears to be following that up with an update to address the same security issues for those devices that are still stuck on iOS 12.

According to Apple’s iOS 12.5.5 release notes, the patch addresses vulnerabilities in CoreGraphics, WebKit, and the iOS kernel (XNU), all of which Apple claims are vulnerable to active exploits.

This means that if you’re still running an iOS 12 device, you should install this update right away.

What’s Fixed in iOS 12.5.5?

Specifically, Apple notes that both the CoreGraphics and WebKit vulnerabilities could result in “arbitrary code execution” through the processing of “maliciously crafted” PDFs or web content. In both cases, Apple says that it is “Apple is aware of a report that this issue may have been actively exploited.”

The kernel vulnerability is even more serious, especially when paired with the other two, since it could allow that “arbitrary code” to execute with full kernel privileges, giving it access to everything on the device.

While Apple doesn’t say whether this one has been exploited yet, it does note that it’s “aware of reports that an exploit for this issue exists in the wild.”

Apple credits The Citizen Lab for reporting the CoreGraphics vulnerability, while the WebKit vulnerability is attributed to “an anonymous researcher.” The kernel (XNU) issue, on the other hand, came from Google Researchers, specifically Erye Hernandez and Clément Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero.

It’s likely that the iOS 12.5.5 update is specifically intended to combat the Pegasus Spyware that has reportedly experienced a resurgence in use lately. Although Pegasus has been around for years, it was widely believed that it had been neutered by Apple’s new security measures in iOS 14.

Unfortunately, security like this is always a cat-and-mouse game, and the minute Apple puts up a defense, the clever hackers on the other side figure out a new way to penetrate it. This appears to have been the case with iOS 14’s Blastdoor, and a report earlier this year from Amnesty International revealed that the Pegasus spyware was being abused to target and spy on “human rights defenders (HRDs) and journalists around the world.”

To be fair, Pegasus was ostensibly developed to be used by governments and law enforcement agencies for counterterrorism, but as Apple repeatedly pointed out in its opposition to the FBI’s requests for an iOS backdoor, such tools are always a double-edged sword.

While Apple hasn’t made any specific comments about Pegasus, the fact that at least one of the vulnerabilities in question was reported by The Citizen Lab — the same group that reported the flaws fixed in last week’s iOS 14.8 update — suggests that the iOS 12.5.5 update is intended to address the same issues for those who are still using older iPhones and iPads.

What About Other iOS Versions?

Since Apple has offered landmark compatibility over the past three major iOS updates, there won’t be any devices stuck on iOS 13 or iOS 14. This means we likely won’t see a security patch for iOS 13, and of course Apple has already released the corresponding update for iOS 14.8 last week.

If you have a 2015 iPhone 6s or 2016 iPhone SE or newer, your device is fully capable of running iOS 15. That said, this year Apple is allowing users to remain on iOS 14 if they so choose, so we’ll likely still see more security updates for that version.

Along the same lines, all the devices that were capable of running iOS 11 can also be updated to iOS 12. This encompasses the 2013 iPhone 5s, the 2014 iPhone 6 and iPhone 6 Plus, the 2013 iPad mini 2, and the 2014 iPad Air and iPad mini 3.

This also applies to the sixth-generation iPod touch, which is actually the only device released in 2015 that can’t be updated beyond iOS 12, but of course, it also shares the same A8 CPU as the 2014 iPhones and iPads. For the same reasons, the 2013 iPhone 5c is also left off this list, since it had the same 32-bit A6 chip as the 2012 iPhone 5.

Since Apple considers all of its devices “vintage and obsolete” after seven years, and every iOS device released in the last eight years can run iOS 12, don’t expect any updates for older iOS versions. Apple already supports its devices for far longer than the other dominant smartphone platform, and if you’re still toting a nine-year-old iPhone 5, then perhaps this is a good incentive to finally upgrade to something at least a bit more modern.