Apple’s recently released iPhone and iPad update not only fixes a privacy bug, it also fixes two major security issues that the Cupertino company claims may already have been exploited in the wild. The company recommends that, in addition to Macs and Apple Watches, users update to iOS 14.5.1 and iPadOS 14.5.1 as soon as possible to protect their devices from possible hacking attacks.
iPhone and iPad users should be able to set the system to request permission to share personal data per app. However, some people found that the option to do this was actually dimmed and they couldn’t turn it on. iOS 14.5.1 and iPadOS 14.5.1 have fixed this problem.
However, as part of the bug fixes and security patches that come with every iOS and iPadOS update, Apple has also addressed something much more serious. Two vulnerabilities have been reported that affect WebKit, the browser engine that Safari supports on iPhone and iPad that is used to display browser content in third-party apps. iOS 14.5.1 included the fixes.
Details on both vulnerabilities are sparse. “Processing maliciously crafted web content can lead to arbitrary code execution.” Apple says from everyone in their security disclosure for the new update. “Apple has known that this issue may have been actively exploited.”
What has been changed to address them is pretty barebones in terms of details as well. “A memory corruption problem has been fixed with improved status management,” says Apple of a bug. “An integer overflow was fixed with improved input validation,” he adds, referring to the second.
Patches for security issues that have been reported to Apple are commonplace, as is the case with almost every software developer. What is rarer is to find one that has been actively used, as Apple believes it has been. It is all the more important that people don’t delay their iPhones, iPads, and iPod touches as they could potentially get caught in the hack in the wild.
This means that anyone with an iPhone 6s or higher, iPad Pro (all models), iPad Air 2 or higher, iPad 5th generation or higher, iPad mini 4 or higher or iPod touch (7th generation) can now go to the settings Should click General, then Software Update, and make sure you are running the latest version of the operating system.
Meanwhile, those with older devices will also find that they need to install a new version of software. The iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) may not be the normally updated models, but they do iOS 12.5.3 was released with a number of WebKit security patches. Again, some have been actively exploited in the wild, so the update should be loaded as soon as possible.
There is also a new update for the Apple Watch. watchOS 7.4.1 A WebKit update is also included, which is available for Apple Watch Series 3 and later. Again, it aims to address a vulnerability that Apple believes has been actively exploited.
Finally, those running macOS Big Sur should check their computer for an update as well. Version 11.3.1 comes with two WebKit patches for vulnerabilities that have been actively exploited.