Apple has released iOS 14.5.1 and iPadOS 14.5.1 for compatible iPhone and iPad models to fix two zero-day security vulnerabilities in WebKit that allowed attackers to execute malicious code on recently updated devices. The same security vulnerabilities existed on Macs and Apple Watch models that have also received macOS Big Sur 11.3.1 and watchOS 7.4.1 updates. Cupertino has also released iOS 12.5.3 for its older iPhone and iPad models to fix a total of four WebKit-related security issues, including two zero-day vulnerabilities.
A. -According to the information provided through the Service security mail by Apple, iOS 14.5.1, and iPadOS 14.5.1 include fixes for two vulnerabilities in the WebKit browser engine for rendering web content in Safari, the App Store, Mail, and other applications. The vulnerabilities are listed in CVE-2021-30663 and CVE-2021-30665.
Although CVE-2021-30663 is described as an integer overflow problem, CVE-2021-30665 is a memory corruption issue. Both vulnerabilities allowed attackers to execute malicious code through specially crafted web content.
Apple said it was aware of reports that both security issues could have been actively exploited. Users are therefore advised to download and install iOS 14.5.1 and iPadOS 14.5.1 updates on their devices.
New updates also include a fix for App Tracking Transparency prompts.
“This update fixes an issue with application tracking transparency where some users who have previously disabled the Allow applications to request tracking settings may not receive prompts from applications after it is re-enabled,” the company said in the description of the update.
In addition to iOS 14.5.1 and iPadOS 14.5.1, Apple has released macOS Big Sur 11.3.1 and watchOS 7.4.1. These updates are also intended to address two zero-day vulnerabilities that the company has fixed for newer iPhones. and iPad models with iOS and iPadOS updates.
Apple has also introduced iOS 12.5.3 for its older iPhone, iPad and iPod touch models Iphone 5s, Iphone 6, iPhone 6 Plus, Ipad Air, iPad mini 2, iPad mini 3and iPod touch (6th generation). It repairs CVE-2021-30663 and CVE-2021-30665 vulnerabilities and two other zero-day vulnerabilities that affect WebKit and are listed as CVE-2021-30666 and CVE-2021-30661.
New security updates will only come a week after Apple exempt iOS 14.5, iPadOS 14.5, macOS Big Sur 11.3, watchOS 7.4 and tvOS 14.5 for compatible devices. The company has also stopped signing for iOS 14.4.2, which means users won’t be able to upgrade to an earlier version of iOS from iOS 14.5 or iOS 14.5.1 if they’ve already upgraded to Apple devices.
How to download iOS 14.5.1, iPadOS 14.5.1, macOS Big Sur 11.3.1, watchOS 7.4.1
IOS 14.5.1 and iPadOS 14.5.1 can be downloaded via settings > General > Software updates on valid iPhone and iPad models. MacBook, iMac, Mac mini, and other Mac models MacOS Big Sur 11.3.1 can be downloaded by navigating System settings > Software update by clicking the Apple menu icon in the upper-left corner of your computer screen. You can also find the latest macOS update by visiting About this Mac setting from the Apple menu.
Apple Watch users can download the watchOS 7.4.1 update by going to My watch tab in the Watch app on iPhone. The update can also be downloaded directly from Apple Watch.