Apple issued two out-of-band security fixes for its Safari web browser, fixing zero-day vulnerabilities that may have been actively exploited, the company said. The bugs affect sixth-generation Apple iPhones, iPads and iPod touch model hardware, released between 2013 and 2018. Apple is not releasing any additional details pertaining to these vulneraries. The patch, iOS 12.5.4, is available for download and is distributed as a iOS update for the same model hardware as above: iPhone 5s, iPhone 6, iPhone.
Source: https://threatpost.com/apple-patch-safari-active-attack/166922/