Apple has launched iOS 14.5.1 and iPadOS 14.5.1 for appropriate iPhone and iPad fashions to patch two zero-day safety flaws in WebPackage that allowed attackers to execute a malicious code on the not too long ago up to date units. The similar safety flaws existed for Mac computer systems and Apple Watch fashions which have additionally acquired macOS Big Sur 11.3.1 and watchOS 7.4.1 updates, respectively. The Cupertino firm has additionally launched iOS 12.5.Three for its older iPhone and iPad fashions to repair a complete of 4 WebPackage-related safety points, together with the 2 zero-day flaws.
According to the main points offered by way of a security post by Apple, iOS 14.5.1 and iPadOS 14.5.1 carry fixes for the 2 vulnerabilities that exist within the WebPackage browser engine, which is supposed for rendering Web content material in Safari, App Store, Mail, and different apps. The vulnerabilities are listed as CVE-2021-30663 and CVE-2021-30665.
While the CVE-2021-30663 is described as an integer overflow downside, the CVE-2021-30665 is a reminiscence corruption concern. Both vulnerabilities allowed attackers to execute a malicious code by way of specifically crafted Web content material.
Apple mentioned that it was conscious of stories that each safety points might need been actively exploited. Users are, subsequently, extremely advisable to obtain and set up the iOS 14.5.1 and iPadOS 14.5.1 updates on their units.
The new updates additionally embrace a repair for the App Tracking Transparency prompts.
“This update fixes an issue with App Tracking Transparency where some users who previously disabled Allow Apps to Request to Track in Settings may not receive prompts from apps after re-enabling it,” the corporate mentioned within the replace description.
In addition to iOS 14.5.1 and iPadOS 14.5.1, Apple has launched macOS Big Sur 11.3.1 and watchOS 7.4.1. These updates are additionally meant to repair the 2 zero-day vulnerabilities that the corporate has patched for newer iPhone and iPad fashions by way of the iOS and iPadOS updates.
Apple has additionally introduced iOS 12.5.Three for its older iPhone, iPad, and iPod contact fashions, specifically iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod contact (sixth era). It fixes the CVE-2021-30663 and CVE-2021-30665 vulnerabilities alongside two further zero-day flaws affecting WebPackage which are recorded as CVE-2021-30666 and CVE-2021-30661.
The new safety updates come only a week after Apple released iOS 14.5, iPadOS 14.5, macOS Big Sur 11.3, watchOS 7.4, and tvOS 14.5 for appropriate units. The firm has additionally stopped signing iOS 14.4.2, which implies that customers will be unable to downgrade to the sooner iOS model from iOS 14.5 or iOS 14.5.1 if they’ve already up to date their Apple units.
How to obtain iOS 14.5.1, iPadOS 14.5.1, macOS Big Sur 11.3.1, watchOS 7.4.1
The iOS 14.5.1 and iPadOS 14.5.1 might be downloaded by way of Settings > General > Software Updates on eligible iPhone and iPad fashions. For MacE-book, iMac, Mac mini, and different Mac fashions, macOS Big Sur 11.3.1 might be downloaded by going into System Preferences > Software Update after clicking on the Apple menu icon from the top-left nook of your pc display screen. You can even discover the most recent macOS replace by visiting the About This Mac setting from the Apple menu.
Apple Watch customers can obtain the watchOS 7.4.1 replace by going to the My Watch tab from the Watch app on their iPhones. The replace may also be downloaded immediately from the Apple Watch.