Apple last week released iOS 14.5.1 and iPadOS 14.5.1 which contained bug fixes and patches for WebKit vulnerabilities that were being exploited in the wild. The company has now stopped signing code for iOS 14.5 and iPadOS 14.5, blocking downgrades to earlier operating system versions.
Mike Peterson for AppleInsider:
Apple’s iOS 14.5 was a major update that introduced a slew of new features and bug fixes including App Tracking Transparency, mask unlock with Apple Watch, and AirTag support.
Apple routinely stops signing legacy code after the release of a new iOS build in part to protect customers from nefarious actors attempting to take advantage of newly discovered vulnerabilities. In addition to security, preventing users from downloading older code allows Apple to keep more iOS devices on the latest, feature-rich software.
About the security content of iOS 14.5.1 and iPadOS 14.5.1
• WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30665: yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA
• WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: An integer overflow was addressed with improved input validation.
CVE-2021-30663: an anonymous researcher
For more information on the security content of Apple software updates, please visit this website:
https://support.apple.com/kb/HT201222
MacDailyNews Take: If you haven’t yet updated to iOS 14.5.1 and/or iPadOS 14.5.1, do so ASAP.