When you subscribe we will use the information you provide to send you these newsletters. Sometimes they’ll include recommendations for other related newsletters or services we offer. Our Privacy Notice explains more about how we use your data, and your rights. You can unsubscribe at any time.
Apple released its iOS 14.5 and iPadOS 14.5 updates last week, bringing a host of exciting new features to iPhone and iPad owners. And now, exactly one week later, the Californian company is issuing another update to these devices. However, while last week was packed with new emoji and a clever fix for Face ID when wearing a face covering, this latest upgrade doesn’t include a single new feature. However, it’s still one of the most important updates we’ve seen from Apple in months.
iOS 14.5.1 and iPadOS 14.5.1 are both designed to protect iPhone and iPad owners against two new vulnerabilities discovered on fully up-to-date Apple devices. While keeping your gadgets updated with the latest software is usually a sure-fire way to ensure you’re shielded against malware and attacks from cyber crooks, unfortunately, it doesn’t always work that way.
What makes this latest update so crucial is that both new vulnerabilities are zero-day flaws. That means the flaw in your Apple device’s defences are known by bad actors, who are already using these vulnerabilities to send out cyber attacks to unpatched iPhone and iPads. Zero-day flaws found in the latest version of any operating system are even more troubling as it means those who have discovered them can hack devices that are fully up to date, often with little or no detection.
Worse still, iPhone and iPad owners who were prompted to update their devices last week are unlikely to think their devices need another software update some seven days later. After all, Apple usually updates its device more infrequently than that.
MORE LIKE THIS
Dyson vacuum fans cautioned about dangerous new scam sweeping the UK
As always with zero-day flaws, there’s not a whole lot of information about these latest glitches. That makes sense since Apple doesn’t want to let the cat out of the bag to any more nefarious characters.
However, we do know that both vulnerabilities were discovered in Webkit, which is the engine that powers browsers on iOS and iPadOS. It’s designed to render content from the web in the Safari app (the preinstalled web browser on all Apple devices) as well as Mail and the App Store. Known as CVE-2021-30663 and CVE-2021-30665, these zero-days are now being tracked and have been patched.
Last week, Apple fixed CVE-2021-30661, which was another flaw in Webkit on iOS that could have enabled hackers to execute their own code on your iPhone. It’s no known whether CVE-2021-30661 was ever exploited in the wild.
Apple unveil their brand new purple iPhone 12
Speaking about the latest flaws, Jake Moore, Cybersecurity Specialist at ESET, told Express.co.uk: “When Apple release multiple updates in quick succession it highlights the severity of the release. Apple is continually being targeted and has a duty to protect its users. Such exploits could be hugely effective and it’s vital that people take on the responsibility where they can and update at the earliest convenience.
“Many people still wrongly think that an update will take too long or even harm their device and data. However, if these devices are not up to date with the latest operating system, procrastination will leave their data in far more danger.”
If you haven’t already updated your iPhone, head to Settings > General > Software Update right now to download iOS 14.5.1. If you’re using an iPad, you’ll need to launch the Settings app, then head to General > Software Update to find iPadOS 14.5.1.
Source: Read Full Article