Apple’s recently-released iPhone and iPad update doesn’t just fix a privacy bug, but patch two significant security issues which the Cupertino firm says may have already been exploited in the wild. The company’s advice is that users update to iOS 14.5.1 and iPadOS 14.5.1 as soon as possible, in addition to Macs and Apple Watches, so as to protect their devices from the potential hack.
Released earlier this week, iOS 14.5.1 came hot on the heels of iOS 14.5’s debut late in April 2021. At the time, Apple highlighted its inclusion of a fix for the App Tracking Transparency settings.
iPhone and iPad users should have been able to set the system to request permission for personal data sharing on a per-app basis. However, some people discovered that the option to do that was in fact grayed-out, and they couldn’t enable it. iOS 14.5.1 and iPadOS 14.5.1 fixed that problem.
However, as part of the bug fixes and security patches that are commonplace in each iOS and iPadOS update, Apple also addressed something much more serious. Two vulnerabilities impacting WebKit, the browser engine that powers Safari on iPhone and iPad, and which can be used to display browser content in third-party apps, had been reported. iOS 14.5.1 contained the fixes.
Details on both vulnerabilities are scant. “Processing maliciously crafted web content may lead to arbitrary code execution,” Apple says of each in its security disclosure for the new update. “Apple is aware of a report that this issue may have been actively exploited.”
As for what has been changed to address them, that too is fairly barebones in terms of detail. “A memory corruption issue was addressed with improved state management,” Apple says of one flaw. “An integer overflow was addressed with improved input validation,” it adds regarding the second.
Patches for security issues reported to Apple are, as with just about every software developer, commonplace. What’s rarer is to find one which has been actively exploited, as Apple says it believes these have been. That makes it all the more important that people not delay in updating their iPhones,…