If you have already heard This Week’s Naked Security Podcast You can see that iOS 12, the latest and greatest version before iOS 15, which arrived this Monday, has finally been concluded …
… It was forever abandoned by Apple.
Apple is famous for not telling us anything about the security status of our products until the patch is released.
So if iOS 14 was updated in the last few patch cycles, but iOS 12 wasn’t, I wasn’t sure if it was still safe and didn’t need a patch, or if it needed a patch. , A little late, need a patch, or can’t get the patch.
And this week, iOS 15 arrived as a new kid in Block, so we followed the “one-in-one-out” principle and assumed the worst.
I haven’t started yet so it’s not over
We guessed With a podcast That iOS 12 didn’t get the patch, not because Apple hadn’t finished creating the patch yet, but because Apple hadn’t started the update and never started it.
iOS 12 speculated that Apple wouldn’t update iOS 12 again because it lacked support along with the older device it was running on. (The word we used is “If only Apple says,’iPhone 6 and earlier. iOS 12: The curtain is closed. Support will end.”)
Well, we were wrong.
Ironically, you’ll receive Apple’s latest email security notifications delivered directly to your iPhone 6 running iOS 12.5.4 and be informed about the latest security updates. iOS 12.5.5..
As a result, older phones still have a lifetime, and more importantly, two critical zero-day bugs that were fixed in iOS 14 last week have also been patched in iOS 12.
After all, it turns out that iOS 12 isn’t dead, it’s just resting.
Better than never late
The first bug was a flaw in the infamous CVE-2021-30860, which also dramatically Forced dubbing It is by Citizen Lab, the first organization to disclose to Apple for patching.
According to Citizen Lab, the malware investigated for CVE-2021-30860 came from the activist’s iPhone and was embedded via an exploit embedded in a booby-trapped iMessage communication.
The second fixed iOS 12 bug that was already patched in iOS 14 was CVE-2021-30858. This is a zero-day vulnerability in WebKit.
This bug was actually seen, had no dramatic inside story, and had no research firm to talk to the media, but it’s probably as dangerous as the Citizen Lab bug.NS “Anonymous researcher.”
One injury is the injury of everyone
As we can see now, these bugs were clearly inherited from iOS 13 to iOS 14 rather than being introduced by a new feature in the iOS 14 code (now officially superseded by iOS 14). It is not supported as its own version because it is more), and was obtained in order from iOS 12.
Equally important is the iOS 12.5.5 update Third zero-day hallThis time at XNU, it’s the heart of Apple’s operating system kernel open source.
It has been patched and there are no details about that bug called CVE-2021-30869, except as Apple said. “The exploit for this problem actually exists.”
By the way, the bug of CVE-2021-30869 Exists in CatalinaIt’s an earlier version of the macOS operating system, but it’s still supported, so you’ll get updates as well.
what to do?
- Get iOS 12.5.5 for older iPhones and iPads. The same update was used on Apple phones and tablets until iOS 13 was introduced and split into two separate lines called iOS and iPad OS.
- Get security update 2021-006 for Mac running macOS Catalina.. This kind of update does not increase the version number of Catalina, which remains 10.15.7.
use Configuration >> >> Universal >> >> Software update On Apple phones and tablets
And use Apple menu >> >> System Preferences >> >> Software update Laptop and desktop Mac.
Still alive! iOS 12 Get Three Zero-Day Security Patches – Update Now – Naked Security
https://nakedsecurity.sophos.com/2021/09/23/still-alive-ios-12-gets-3-zero-day-security-patches-install-them-now/ Still alive! iOS 12 Get Three Zero-Day Security Patches – Update Now – Naked Security