Apple has released iOS 14.5.1 and iPadOS 14.5.1 for compatible iPhone and iPad models to patch two zero-day security flaws in WebKit that allowed attackers to execute malicious code on the recently updated devices. The same security flaws existed on Mac computers and Apple Watch models, which have also received macOS Big Sur 11.3.1 and watchOS 7.4.1 updates, respectively. The Cupertino company has also released iOS 12.5.3 for its older iPhone and iPad models to fix a total of four WebKit-related security issues, including the two zero-day flaws.
According to the details provided via a security post by Apple, iOS 14.5.1 and iPadOS 14.5.1 carry fixes for the two vulnerabilities that exist in the WebKit browser engine, which renders Web content in Safari, App Store, Mail, and other apps. The vulnerabilities are listed as CVE-2021-30663 and CVE-2021-30665.
While CVE-2021-30663 is described as an integer overflow problem, CVE-2021-30665 is a memory corruption issue. Both vulnerabilities allowed attackers to execute malicious code through specially crafted Web content.
Apple said that it was aware of reports that both security issues might have been actively exploited. Users are, therefore, strongly advised to download and install the iOS 14.5.1 and iPadOS 14.5.1 updates on their devices.
The new updates also include a fix for the App Tracking Transparency prompts.
“This update fixes an issue with App Tracking Transparency where some users who previously disabled Allow Apps to Request to Track in Settings may not receive prompts from apps after re-enabling it,” the company said in the update description.
In addition to iOS 14.5.1 and iPadOS 14.5.1, Apple has released macOS Big Sur 11.3.1 and watchOS 7.4.1. These updates are also meant to fix the two zero-day vulnerabilities that the company has patched for newer iPhone and iPad models through the iOS and iPadOS updates.
Apple has also released iOS 12.5.3 for its older iPhone, iPad, and iPod touch models, namely iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). It fixes CVE-2021-30663 and CVE-2021-30665 alongside two additional zero-day flaws affecting WebKit that are recorded as CVE-2021-30666 and CVE-2021-30661.
The new security updates come just a week after Apple released iOS 14.5, iPadOS 14.5, macOS Big Sur 11.3, watchOS 7.4, and tvOS 14.5 for compatible devices. The company has also stopped signing iOS 14.4.2, which means that users will not be able to downgrade to the earlier iOS version from iOS 14.5 or iOS 14.5.1 if they have already updated their Apple devices.
iOS 14.5.1 and iPadOS 14.5.1 can be downloaded through Settings > General > Software Update on eligible iPhone and iPad models. For MacBook, iMac, Mac mini, and other Mac models, macOS Big Sur 11.3.1 can be downloaded by clicking the Apple menu icon in the top-left corner of the screen and going to System Preferences > Software Update. You can also find the latest macOS update by visiting the About This Mac setting from the Apple menu.
Apple Watch users can download the watchOS 7.4.1 update by going to the My Watch tab from the Watch app on their iPhones. The update can also be downloaded directly from the Apple Watch.