Apple has launched iOS 14.5.1 and iPadOS 14.5.1 for appropriate iPhone and iPad fashions to patch two zero-day safety flaws in WebPackage that allowed attackers to execute a malicious code on the not too long ago up to date gadgets. The identical safety flaws existed for Mac computer systems and Apple Watch fashions which have additionally acquired macOS Big Sur 11.3.1 and watchOS 7.4.1 updates, respectively. The Cupertino firm has additionally launched iOS 12.5.Three for its older iPhone and iPad fashions to repair a complete of 4 WebPackage-related safety points, together with the 2 zero-day flaws.
According to the main points supplied by way of a security post by Apple, iOS 14.5.1 and iPadOS 14.5.1 carry fixes for the 2 vulnerabilities that exist within the WebPackage browser engine, which is supposed for rendering Web content material in Safari, App Store, Mail, and different apps. The vulnerabilities are listed as CVE-2021-30663 and CVE-2021-30665.
While the CVE-2021-30663 is described as an integer overflow drawback, the CVE-2021-30665 is a reminiscence corruption difficulty. Both vulnerabilities allowed attackers to execute a malicious code by specifically crafted Web content material.
Apple stated that it was conscious of stories that each safety points may need been actively exploited. Users are, due to this fact, extremely really useful to obtain and set up the iOS 14.5.1 and iPadOS 14.5.1 updates on their gadgets.
The new updates additionally embody a repair for the App Tracking Transparency prompts.
“This update fixes an issue with App Tracking Transparency where some users who previously disabled Allow Apps to Request to Track in Settings may not receive prompts from apps after re-enabling it,” the corporate stated within the replace description.
In addition to iOS 14.5.1 and iPadOS 14.5.1, Apple has launched macOS Big Sur 11.3.1 and watchOS 7.4.1. These updates are additionally meant to repair the 2 zero-day vulnerabilities that the corporate has patched for newer iPhone and iPad fashions by the iOS and iPadOS updates.
Apple has additionally introduced iOS 12.5.Three for its older iPhone, iPad, and iPod contact fashions, specifically iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod contact (sixth era). It fixes the CVE-2021-30663 and CVE-2021-30665 vulnerabilities alongside two further zero-day flaws affecting WebPackage which might be recorded as CVE-2021-30666 and CVE-2021-30661.
The new safety updates come only a week after Apple released iOS 14.5, iPadOS 14.5, macOS Big Sur 11.3, watchOS 7.4, and tvOS 14.5 for appropriate gadgets. The firm has additionally stopped signing iOS 14.4.2, which implies that customers will be unable to downgrade to the sooner iOS model from iOS 14.5 or iOS 14.5.1 if they’ve already up to date their Apple gadgets.
How to obtain iOS 14.5.1, iPadOS 14.5.1, macOS Big Sur 11.3.1, watchOS 7.4.1
The iOS 14.5.1 and iPadOS 14.5.1 may be downloaded by Settings > General > Software Updates on eligible iPhone and iPad fashions. For MacEbook, iMac, Mac mini, and different Mac fashions, macOS Big Sur 11.3.1 may be downloaded by going into System Preferences > Software Update after clicking on the Apple menu icon from the top-left nook of your pc display screen. You may also discover the most recent macOS replace by visiting the About This Mac setting from the Apple menu.
Apple Watch customers can obtain the watchOS 7.4.1 replace by going to the My Watch tab from the Watch app on their iPhones. The replace may also be downloaded instantly from the Apple Watch.