It’s as long as just about no device is exempt from security flaws. It’s a continuing cat and mouse game where software developers keep patching bugs and hackers keep finding new gaps and deficiencies to take advantage of. No code is ideal, and Apple’s certainly isn’t. Last week, Apple started rolling out iOS and iPadOS 14.5 to compatible devices far and wide worldwide, but that they had two gaping zero-day vulnerabilities that allowed hackers to execute malicious code on devices that are fully updated. Now, Apple has released iOS 14.5.1, fixing these vulnerabilities.
Both patched vulnerabilities resided in WebKit, Apple’s browser engine that powers Safari, and everyone’s iOS and iPadOS web page alike in apps like Mail and even the App Store. Both vulnerabilities, CVE-2021-30663 and CVE-2021-30665, kicked in when the WebKit engine processes “maliciously crafted web content”, and it might cause arbitrary code execution, consistent with Apple’s patch notes for version 14.5.1 of their mobile OS. Apple also recently patched CVE-2021-30661, another WebKit-related vulnerability, last week.
Apple gave no information on who is using or being targeted by the exploits, but they did say that they were conscious of “a report that this issue may are actively exploited.” Researchers from a China-based security firm Qihoo 360, discovered CVE-2021-30665. An unidentified source found the opposite flaw. These two flaws also are fixed in macOS 11.3.1 for Mac computers, which was released right around the same time as this update.
But that’s not everything that the iOS 14.5.1 update (via Ars Technica) brings, as Apple also took the chance to bake other bug fixes also. For instance, the new update also fixes problems with a bug within the newly released App Tracking Transparency feature, unrolled within the previous version. However, your mileage may vary as some users have reported that the quality remains having issues even after the update.
