Apple fixes security flaws in seven-year-old iPhone models with iOS 12.5.3
While Apple rolled out its iOS 14.5 update for iPhones last week, followed by another quick security and bug fix update to iOS 14.5.1 on Monday, users on older iPhones that were not compatible did not receive the update. Along with new emoji and better privacy controls, the iOS 14.5 update included important security patches to Apple's WebKit browser engine – these are now rolling out with iOS 12.5.3 to older devices.
Apple is rolling out the iOS 12.5.3 update to its iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). Users who install the updates will receive a security update to the operating system components along with a few additional optimisations to the system, according to the company's changelog.
The security fix arriving on older iPhones includes improvements to the browser's WebKit engine. It fixes an issue that would allow an attacker to execute malicious code by processing malicious content. Users should install the update immediately as the company says it is aware of a report that attackers were actively abusing this security flaw.
While it is good to see Apple sending occasional security updates for its older iPhones, it is important to note that these updates are outside the company's official window for software support for these devices. This means that Apple is pushing the updates out even when the device was not eligible for an update, and users will not enjoy the same update cadence as the current line of iPhones.
Apple also has to repeatedly issue OS updates to its older iPhones to fix issues with one part of the system. This is because unlike Android, which has “decoupled” many system components (like the Android System Webview) so that they can be updated via the Play Store, Apple's system apps have to be updated via a system upgrade. This means the company has to issue OS updates whenever there is a major security issue, as is the case with the iOS 12.5.3 current security update.