Actively exploited holes: Apple connects iOS, macOS and watchOS

On Tuesday night, Apple released an updated version of its flagship operating system. Its main purpose is to insert two holes that are already actively exploited into Apple Kit’s browser engine webkit for Safari.

Five updates for iPhone, iPad, Mac and Watch

Updates are available iOS and iPadOS 14.5.1, macOS 11.3.1 As watchOS 7.4.1. There will be older iPhones, iPods and iPod Touch devices With iOS 12.5.3 Reprimand.

In Big Sur 11.3.1 and iOS or iPados 14.5.1, CVE IDs 2021-30665 and CVE-2021-30663 are addressed. This is a memory error and an integer overflow, both of which can be used to execute arbitrary code over manipulated web content. watchOS only observes 7.4.1 CVE-ID 2021-30665 (memory error on webkit), other errors are incompatible with the computer clock.

What about older MacOS versions?

It is not clear what went wrong with previous versions of Safari on the Mac. Apple has not yet provided a link to the browser under Mojave (MacOS 10.14) or Catalina (MacOS 10.15); Big Zuril is missing fixed spaces or is hoping updates will be provided soon.

Apple insists that the company has a report, according to which bugs are already being actively exploited by an exploiter. This is why updates are “important”. Unfortunately, Apple did not provide further details – i.e. who is trying to attack whom, and how much exploitation.

Fix ATT error

iPadOS 14.5.1 and iOS 14.5.1 fix another issue. Apple’s long-awaited application tracking transparency function (ATT) implemented with iOS or iPadOS 14.5 is not working properly. Apple knows this: Users who have already blocked all applications from tracking through system settings on previous operating systems will no longer receive requests for approval, even if they are allowed to track again. Mac & i editors also noticed this with their own devices.

(B.Sc.)