The update fixes two newly discovered zero-day vulnerabilities that could allow an attacker to run malicious code on devices running earlier versions of iOS. Both bugs are rooted in the WebKit browser engine, which is used by all iOS browsers in addition to Safari, Mail, and the App Store, as well as dozens of other applications to display a variety of web content.
The latest iOS release addresses these vulnerabilities, tracked as CVE-2021-30663 and CVE-2021-30665. Apple hasn't revealed much detail; all that is known is that attackers can run arbitrary code on devices with the help of specially crafted web content. The Cupertino giant added that it had already received a report that the vulnerability was being actively exploited by attackers. Interestingly, CVE-2021-30665 was discovered by a Chinese security company, Qihoo 360, but the identity of the finder of the flaw ending in 30665 was not revealed by Apple.
Apple reported a similar zero-day vulnerability in WebKit barely a month ago. In the four months of the year so far, researchers have documented a total of 22 different zero-day security flaws, more than a third of which have affected some of the Cupertino company's products, most notably iOS devices. With this ratio, iOS is second only to Chrome, meaning Apple's operating system is a distinctly popular target. The company, like many other players, pays hefty sums for each security flaw. Apple is willing to pay $25,000 for bugs that allow access to user data and up to $200,000 for bugs in secure boot firmware components.
In addition to the vulnerabilities, the biggest enhancement in iOS 14.5, the new privacy setting, also gets a touch-up in 14.5.1. The feature, which Apple calls App Tracking Transparency, often didn't work properly, and the warning to users didn't appear on the screen after certain settings.
Source: HWSW Informatikai Hírmagazin by www.hwsw.hu.