Apple has released an important security update for the iPhone 5s, iPhone 6 and older iPads to address one of two flaws affecting iOS 15 that also affected iOS 12.
Apple has rolled out a fix for iOS 12 in the update in iOS 12.5.6 that brings across a patch for a remote code execution flaw that it fixed in iOS 15.6.1 in mid-August.
The iOS 12.5.6 update is available for the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). It's a rare patch for iOS 12. The last time these models were updated was September 2021 and none of them can be upgraded to iOS 15.
SEE: Best cheap 5G phone 2022: No need to pay flagship prices for quality devices
Apple fixed two bugs in iOS 15.6.1 that were both being actively exploited. CVE-2022-32894 allowed a malicious app to execute arbitrary code with kernel privileges, while CVE-2022-32893 was a bug in the Safari's WebKit browser engine that could lead to arbitrary code execution from a malicious website.
CVE-2022-32894 doesn't affect iOS 12. However, the WebKit bug does.
"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited," Apple notes in its security advisory.
The iPhone 5s and original iPad Air were released in September 2013 while the iPhone 6 was released in September 2014.
Owners of these models might have already abandoned them because important apps, like banking apps, often don't work on older versions of iOS.
But, given the bug was being actively exploited, people who do still use these models should check for the update in Settings under General, followed by tapping Software Update.