Apple released an update of its iPhone operating system from 2018 on 23 September, in which the company closes a serious gap.
When Apple updates an old mobile operating system it usually means that the gap or gaps that have been closed with it are serious and have already been exploited in the wild. Therefore it should be no surprise that, according to Apple’s security notes, the update closes three gaps that had already been exploited.
Apple outlines the following security flaws that are addressed in the update:
A gap in Core Graphics could allow a specially prepared PDF document to inject malicious code and executed.The identifier of this security flaw is named as "The Citizen Lab", so it can be assumed that this gap was used in the Pegasus hack.
Apple has closed two other vulnerabilities in Webkit and XNU, which, according to the developer, were also known and actively applied to hackers.
The update to iOS 12.5.5 is compatible with the iPad mini 2 and 3, iPhone 5S and iPhone 6, 1st generation iPad Air and the 6th generation iPod touch.
Those with newer iPhones need not worry as the webkit and core graphics gaps were closed with iOS 14.8 a week previously and are not present in iOS 15.
The XNU gap is also not found in newer systems, but it is present in macOS Catalina, for which Apple has also rolled out a security update.
Despite the age of iOS 12, Apple still updates the system almost every two months or so. The iOS 12.5 update arrived in December 2020 and bought APIs for the Corona Warning app. There have also been updates in January, March, May, June and now in September.
This article originally appeared on Macwelt. Translation by Karen Haslam.