Apple has released iOS 12.5.4 update that addresses two zero-day vulnerabilities in Apple's mobile operating system.

Specifically, the update fixes three issues in iOS - a memory corruption vulnerability in the ASN.1 decoder (CVE-2021-30737) and two vulnerabilities in the WebKit browser engine (CVE-2021-30761 and CVE-2021-30762). The first issue is a memory corruption vulnerability that could be exploited for remote code execution with the help of malicious web content.

CVE-2021-30762 is a use after free issue that could also allow to execute code remotely with the help of malicious web content.

Issues affect iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, iPod touch (6th generation).

All iOS device owners are encouraged to upgrade as soon as possible.

Source: securitylab.ru