Apple just released a new patch for its older devices running iOS 12, fixing 3 security vulnerabilities. While the first vulnerability, listed as CVE-2021-30737 and described as a memory corruption issue in a decoder, was fixed in the iOS 14.6 update, so if you have that update you don’t need to worry.

However, there are 2 WebKit vulnerabilities patched in this that are currently being exploited in the wild. WebKit is the engine that powers website rendering for Safari, all 3rd party browsers (i.e. Firefox, Chrome, Brave, etc.) on iOS, and just about any app that renders webpages in the app.

Hopefully we’ll see an update to either iOS 14.6.1 or 14.7 soon, but in the meantime update any devices still running iOS 12 and be mindful of what you do in iOS 14.

The full patch notes are as follows:

Security

Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)

Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution

Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code.

CVE-2021-30737: xerub

WebKit

Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30761: an anonymous researcher

WebKit

Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A use after free issue was addressed with improved memory management. 

CVE-2021-30762: an anonymous researcher