Apple on Monday released updates for iOS 14.5, iPadOS 14.5, watchOS 7.4, and macOS 11.3, which contain critical security patches that should be installed immediately. We’ve seen these types of fixes in other recent updates and can’t stress how important it is to update.
Update 5/5: Apple also released iOS 12.5.3 to address the Webkit exploits. on older iPhones as well as Safari 14.1 for older Mac.
Apple’s security update document states that it fixes a flaw where “Processing maliciously crafted web content may lead to arbitrary code execution. Those are particularly scary words, especially when paired with this sentence: “Apple is aware of a report that this issue may have been actively exploited.” Two phrases you never want to hear in a security update for a device you own are “arbitrary code execution” and “may have been actively exploited,” so it’s important that users update as soon as possible.
Apple’s security notes outline the issue at hand in technical terms. The CVE-2021-30665 applies to iOS and iPadOS 14.5, macOS 11.3, and watchOS 7.4, while CVE-2021-30663 doesn’t apply to the Apple Watch.
WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30665: yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA
WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: An integer overflow was addressed with improved input validation.
CVE-2021-30663: an anonymous researcher
For devices unable to update to iOS 14, including the iPhone 5s, iPhone 6, and iPhone 6 Plus, Apple has released iOS 12.5.3 to patch CVE-2021-30666, CVE-2021-30665, CVE-2021-30663, and CVE-2021-30661. For Macs that aren’t on Big Sur, Apple has also released Safari 14.1, which also addresses the Webkit vulnerabilities.
The following are the release notes for iOS and iPadOS 14.5.1
This update fixes an issue with App Tracking Transparency where some users who previously disabled Allow Apps to Request to Track in Settings may not receive prompts from apps after re-enabling it. This update also provides important security updates and is recommended for all users.
Before updating, it’s a good idea to back up your data, just in case the update causes problems. To install the update, you need an internet connection. Also, your device will need to restart in order to finish the installation. Here are the steps.
Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
Nenhum comentário:
Postar um comentário