Apple has sent operating system updates to older devices. Seven devices from the company received the new iOS 12.5.5: iPhone 5s, iPhone 6 and 6 Plus, iPad Air (1st generation), iPad mini 2 and mini 3, as well as iPod Touch (6th generation). All of these devices were shown before 2016.
The update contains solutions for XNU, WebKit, and CoreGraphics-related vulnerabilities. Apple does not say if anyone has taken advantage of the vulnerabilities. However, there is an exploit for XNU, for example. All three vulnerabilities allow you to run code with kernel privilege.
The only difference is in what it means the code could have been executed. If the XNU vulnerability allowed the code to be executed by launching a specific application, then for the same action in WebKit it was necessary to “create web content maliciously”. It is not reported what type of web content it is.
But the CoreGraphics vulnerability allowed code to be executed by processing a malicious PDF file.
In fact, attackers using these vulnerabilities could gain administrator rights to your device. This can lead to data loss as well as money, if cards and banking applications are suddenly related to your smartphone.
To update the seven devices, you must follow the path: “Settings” → “General” → “Software Update”.