- 04/05/2021 at 1:10 PM #36720Anonymous UserParticipant
iOS 14.5.1 closes security holes that hackers may exploit
iOS 14.5 has only been available for a week, but Apple already has to push a security patch. Two serious weaknesses were found.
Only recently Apple released numerous security patches with iOS 14.4, 14.4.1 and 14.4.2. Now comes iOS 14.5.1, which owners of an Apple device should install as quickly as possible. The update again closes a loophole in Apple’s WebKit, a browser engine that is the developer base for Safari and many other browsers.
iOS 14.5.1 patches vulnerabilities in Apple’s WebKit
IOS 14.5.1 also automatically installs the functions of iOS 14.5. These include unlocking via Apple Watch when wearing a mask, new emojis and the new app tracking transparency (ATT). However, Apple has specially designed the update to iOS 14.5.1 and iPadOS 14.5.1 a support page set up. The patch notes for the update can also be found there. The details describe the effects of the security holes in Apple’s WebKit.
As a result, one of the weaknesses can be a memory corruption problem. This enables cyber criminals to execute arbitrary code remotely. According to Apple, there are reports that this vulnerability may be actively exploited. This means that the attackers actually tried to execute their malicious code. The company has now closed the gap in iOS 14.5.1 with an “improved status management”.
The vulnerability was added to the database of known vulnerabilities and vulnerabilities (CVE) with ID CVE-2021-30665. It was found by the security research team “yangkang (@dnpushme) zerokeeper & bianliang of 360 ATA”.
iOS 14.5.1 closes another security hole in WebKit. This also allows code to be executed remotely and may be actively exploited. The vulnerability is identified by CVE-2021-30663. Apple has solved the problem with “improved input validation”.
There is also a security update for older iPhones and iPads
With iOS 12.5.3, Apple is currently also providing another security update that affects older iPhones and iPads. The update patches in addition to the above two more vulnerabilities in WebKit (CVE-2021-30666 and CVE-2021-30661). It is available for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch 6th generation.
Don’t wait to install
Anyone who has an iPhone or other Apple device for which the update is available should download it as soon as possible. With the 1.04 gigabyte update, you not only get the security patches, but all the new functions of iOS 14.5.
The security patch not only affects iOS 14.5.1 and iPadOS 14.5.1, but also watchOS 7.4.1 and macOS 11.3.1. It is available for iPhone 6s and newer, iPad Air 2 and newer, iPad mini 4 and newer, and iPod touch (7th generation).
- You must be logged in to reply to this topic.