iPhone models that can’t install iOS 14 or iOS 15 can still get protection from the infamous Pegasus spyware thanks to iOS 12.5.5. Apple released this update Thursday for devices as old as the iPhone 5s to close a security hole in active use by hackers.
The same update can also be installed on older iPad and iPod touch models.
iOS 12.5.5 closes security holes in active use
Apple introduced iOS 14.8 in mid-September to fix the security flaws used by Pegasus. And this week’s iOS 15 release includes the same fixes. But many older models can’t install either of those. They can use iOS 12.5.5, however.
According to Apple, the security patch released Thursday is for the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).
Apple’s support website gives the details on what’s been fixed. There are a number of patches in iOS 12.5.5, but the most important one is to CoreGraphics. Previously, a hole allowed a hacker to break into an device with a deliberately crafted PDF.
As noted by the support document, “Apple is aware of a report that this issue may have been actively exploited.” The Citizen Lab first discovered the flaw in an iPhone that had been hacked with Pegasus. This spyware was developed by NSO Group and is being used by governments around the world to hack the smartphones of activists, politicians, journalists and other individuals.
Installing iOS 12.5.5 is therefore highly recommended. More recent devices should get either iOS 15 or iOS 14.8.
That said, it’s not yet been proven that fixing the security hole found by The Citizen Lab will completely block Pegasus. But the spyware was undoubtedly using it.