Although Apple doesn’t promise to update older versions of iOS and iPadOS, the company often releases security updates to protect users of devices that can’t update to the latest. To that end, Apple has just released iOS 12.5.7 and iOS/iPadOS 15.7.3.
iOS 12.5.7 addresses a serious security vulnerability in WebKit that could allow maliciously crafted Web content to execute arbitrary code. This vulnerability, which is being exploited in the wild, is the same one that Apple plugged in mid-December for other operating systems (see “Apple Releases iOS 16.2, iPadOS 16.2, macOS 13.1 Ventura, watchOS 9.2, and tvOS 16.2,” 13 December 2022, and “iOS 15.7.2 and iPadOS 15.7.2 Block Exploited Security Vulnerability,” 14 December 2022).
The only reason to delay updating is if you back up your iPhone or iPad to your Mac and are not currently being nagged by a passcode request on every connection (see “iPhones and iPads Now Require a Passcode on Every Backup/Sync,” 11 January 2023). I don’t know if updating will change that behavior (or if devices running iOS 12 are already experiencing it), but it’s worth waiting until someone can test before proceeding. If you back up to iCloud, I recommend updating to iOS 12.5.7 right away.
iOS 15.7.3 and iPadOS 15.7.3 address five security vulnerabilities, none of which are being exploited in the wild. You’ll want to update, but feel free to wait a week or so to make sure no unexpected problems crop up in online discussions.