Apple has admitted that its new software patches a WebKit flaw which may have been actively exploited in the wild.
Apple recently released emergency software updates for its devices to fix a major vulnerability which the company says may have already been actively exploited.
iOS 14.5.1 Fixes a Dangerous WebKit Flaw
The new updates include iOS 14.5.1 for the iPhone and iPod touch, iPadOS 14.5.1 for the iPad, watchOS 7.4.1 for the Apple Watch, and macOS Big Sur 11.3.1 for the Mac computers.
Apple in its user-facing release notes accompanying the updates confirms that the releases fix a minor problem with the new anti-tracking App Tracking Transparency feature. More important than that, the updates “provide important security updates,” as per the company.
This update fixes an issue with App Tracking Transparency where some users who previously disabled Allow Apps to Request to Track in Settings may not receive prompts from apps after re-enabling it. This update also provides important security updates and is recommended for all users.
Apple has separately detailed the security content of iOS 14.5.1 and other updates.
The WebKit Flaw May Have Been Exploited
According to the company, the WebKit vulnerability enables bad actors to process maliciously crafted web content in a way that may lead to arbitrary code execution. WebKit is Apple’s browser engine powering the company’s own Safari browser and all third-party browsers on the iOS and iPadOS platforms.
This is “a memory corruption issue” that was addressed with “improved state management,” the company notes. Interestingly enough, Apple has even acknowledged that it is “aware of a report that this issue may have been actively exploited” in the wild. That’s very interesting because Apple as a secretive company rarely acknowledges such flaws.
In the past, the company was criticized for not even crediting security researchers who would discover these vulnerabilities. The fact that Apple has gone on the record to acknowledge that this particular WebKit flaw “may have been actively exploited” certainly suggest some malicious users have already taken advantage of the vulnerability.
Apple is recommending that all users install the new updates.
How to Install iOS 14.5.1 and Other Updates
To update the iOS/iPadOS software powering your iPhone/iPad, open the Settings app and venture into General > Software Update. On your Mac, launch System Preferences and click the Software Update icon. For your Apple Watch, open the companion Watch app on its paired iPhone, then go to My Watch > General > Software Update.
If you see a message confirming that new software updates are available, choose to install them immediately over the air to get the latest protections.
Be sure to plug your iOS device into power and connect to the internet with Wi-Fi. Your Apple Watch must be at least 50 percent charged, with your iPhone connected to Wi-Fi. Both the watch and the phone must be within Bluetooth range.
Changelogs for iOS 14.5.1 and Other Updates
Release notes (or changelogs, as such documents are often called) automatically appear when you use Apple’s Software Update mechanism to check for over-the-air updates on your device. You can also find them on the web using the following links:
The security fixes of the above updates are listed in the following Apple support documents:
The WebKit security fix is not available for the tvOS software powering your Apple TV 4K and Apple TV HD because the operating system doesn’t suffer from this vulnerability.
Image Credit: Dries De Schepper / Flickr
What is iOS? We look at Apple’s mobile operating system to see what iOS means, what it offers, and how to get the latest version.
About The Author