Apple’s recently-released iPhone and iPad update doesn’t just fix a privacy bug, but patch two significant security issues which the Cupertino firm says may have already been exploited in the wild. The company’s advice is that users update to iOS 14.5.1 and iPadOS 14.5.1 as soon as possible, in addition to Macs and Apple Watches, so as to protect their devices from the potential hack.
iPhone and iPad users should have been able to set the system to request permission for personal data sharing on a per-app basis. However, some people discovered that the option to do that was in fact grayed-out, and they couldn’t enable it. iOS 14.5.1 and iPadOS 14.5.1 fixed that problem.
However, as part of the bug fixes and security patches that are commonplace in each iOS and iPadOS update, Apple also addressed something much more serious. Two vulnerabilities impacting WebKit, the browser engine that powers Safari on iPhone and iPad, and which can be used to display browser content in third-party apps, had been reported. iOS 14.5.1 contained the fixes.
Details on both vulnerabilities are scant. “Processing maliciously crafted web content may lead to arbitrary code execution,” Apple says of each in its security disclosure for the new update. “Apple is aware of a report that this issue may have been actively exploited.”
As for what has been changed to address them, that too is fairly barebones in terms of detail. “A memory corruption issue was addressed with improved state management,” Apple says of one flaw. “An integer overflow was addressed with improved input validation,” it adds regarding the second.
Patches for security issues reported to Apple are, as with just about every software developer, commonplace. What’s rarer is to find one which has been actively exploited, as Apple says it believes these have been. That makes it all the more important that people not delay in updating their iPhones, iPads, and iPod touch, since its possible they could run into the hack in the wild.
That means anybody with an iPhone 6s or later, iPad Pro (all models), iPad Air 2 or later, iPad 5th generation or later, iPad mini 4 or later, or iPod touch (7th generation) should head into the Settings now, go to General, then Software Update, and make sure they’re running the newest version of the OS.
Those with older devices, meanwhile, will also find they have a new software version to install. The iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) may not be among the models typically updated, but iOS 12.5.3 has been released with a number of WebKit security patches. Again, some have been actively exploited in the wild, and so the update should be loaded as soon as possible.
As for Apple Watch, that too has a new update. watchOS 7.4.1 also comes with a WebKit update, available for the Apple Watch Series 3 and later. Again, it’s to fix a vulnerability that Apple believes has been actively exploited.
Finally, those running macOS Big Sur should also check for an update on their computer. Version 11.3.1 comes with two WebKit patches for, again, vulnerabilities that have been actively exploited.