SK-CERT warns: 0-day vulnerabilities in iOS 12.5.3, update immediately

The National Cyber Security Centre SK-CERT warns of 0-day vulnerabilities in the iOS operating system for older Apple devices in version 12.5.3, which allow an attacker to remotely execute arbitrary code. According to available information, vulnerability is being actively exploited by attackers.

Apple also uses older versions of the iOS operating system on its older devices, which are still popular and widespread around the world, including Slovakia.

Vulnerabilities tracked as CVE-2021-30737, CVE-2021-30761 and CVE-2021-30762 (all with CVSS 8.8) allow arbitrary code execution while processing malicious web content.

Apple has released an iOS 12.5.4 operating system update that fixes the mentioned vulnerabilities in the previous version of this operating system. The update can be installed on the following devices:

  • iPhone 5s
  • iPhone 6
  • iPhone 6 Plus
  • iPad Air
  • iPad mini 2
  • iPad mini 3
  • iPod touch (6th generation)

The National Cyber Security Centre SK-CERT therefore recommends to update the iOS operating system on each of the devices listed above to the latest version without delay and subsequently maintain the iOS operating system updated with the latest security updates (if issued). The iOS operating system also allows automatic update downloads and installations, so it is recommended to enable this function. 

Apple has patched 12 zero-day vulnerabilities present in iOS, iPadOS, macOS, tvOS and watchOS operating systems since the beginning of this year.

« Späť na zoznam