Apple pushes iOS 14.5.1 security update after WebKit flaws were found

Apple pushes iOS 14.5.1 security update after WebKit flaws were found

It’s a given that pretty much no device is completely exempt from security flaws. It’s a constant cat and mouse game where software developers keep patching bugs and hackers keep finding new gaps and flaws to exploit. No code is perfect, and Apple’s certainly isn’t. Last week, Apple started rolling out iOS and iPadOS 14.5 to compatible devices far and wide around the world, but they had two gaping zero-day vulnerabilities that allowed hackers to execute malicious code on devices that are fully updated. Now, Apple has released iOS 14.5.1, fixing these vulnerabilities.

Both patched vulnerabilities resided in WebKit, Apple’s browser engine that powers Safari and all iOS and iPadOS web content alike in apps like Mail and even the App Store. Both vulnerabilities, CVE-2021-30663 and CVE-2021-30665, kicked in when the WebKit engine processes “maliciously crafted web content”, and it would lead to arbitrary code execution, according to Apple’s patch notes for version 14.5.1 of their mobile operating system. Apple also recently patched CVE-2021-30661, another WebKit-related vulnerability, last week.

Apple gave no information on who is using or being targeted by the exploits, but they did say that they were aware of “a report that this issue may have been actively exploited.” Researchers from a China-based security firm Qihoo 360 discovered CVE-2021-30665. The other flaw was found by an unidentified source. These two flaws are also fixed in macOS 11.3.1 for Mac computers, which was released right around the same time as this update.

But that’s not everything that the iOS 14.5.1 update (via: Ars Technica) brings, as Apple also took the opportunity to bake other bug fixes as well. For example, the new update also fixes problems with a bug in the newly released App Tracking Transparency feature, which was rolled out in the previous version, although your mileage may vary as some users have reported that the feature is still having issues even after the update.

About author

Arol Wright
Arol Wright

Diehard technology enthusiast, and an Android purist by nature. While I have a soft spot for smartphones, I'm deeply interested in everything techy, be it PCs, gaming consoles, gadgets, you name it. Please direct all inquiries/tips to [email protected]