Major security vulnerability found in iOS 14.5
- Apple Support documents recently revealed security flaws in WebKit.
- It’s highly recommended to update to the latest version of iOS.
Initial reports of a security flaw in iOS 14.5 have been confirmed. The security flaws were caused by Apple’s WebKit — a browser engine used in Safari. Apple says that these flaws could have been actively exploited by third parties. In iOS 14.5.1, Cupertino patched exploits that contained “malicious web content that could lead to arbitrary code execution.”
Apple Support documents go into detail on what flaws were patched:
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved state management.
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: An integer overflow was addressed with improved input validation.
The exploit also affected users running on older iPhones and users on macOS 11.3. The total amount of users impacted by this security vulnerability is unknown at the current moment. The security flaw was patched in iOS 12.5.3, iOS 14.5.1, watchOS 7.4.1 and macOS 11.3.1. It is recommended to update as soon as you can to not be affected by this security exploit.
Recommended by the editors:
Thank you for visiting Apple Scoop! As a dedicated independent news organization, we strive to deliver the latest updates and in-depth journalism on everything Apple. Have insights or thoughts to share? Drop a comment below—our team actively engages with and responds to our community.7th May, 2021 at 7:53 pm by Carlos
No password required
A confirmation request will be delivered to the email address you provide. Once confirmed, your comment will be published. It's as simple as two clicks.
Your email address will not be published publicly. Additionally, we will not send you marketing emails unless you opt-in.