Apple earlier this week
released iOS 14.6, a seemingly minor update without all of the bells and whistles that accompanied the
iOS 14.5 release in late April. Still, the latest iOS update has numerous security fixes, which is to say that youd be well advised to update your iPhone immediately, even if your device is already running smoothly.
All told, iOS 14.6 contains 43 security vulnerabilities, with a few of them warranting serious attention. According to an Apple
support document, the update addresses a handful of security vulnerabilities that could enable a malicious actor to remotely execute code on a device.
As security expert Sean Wright
told Forbes, the security flaws addressed by the latest iOS update are
pretty much as bad as it gets.
While theres no indication that any of the security issues Apple listed were actively exploited in the wild, it only makes sense to update your device as soon as possible. As a point of interest, Apple notes that a few of the flaws were unearthed by security researchers working for Trend Micro, a multi-national cybersecurity company.
Some of the specific security and performance issues addressed by the update are listed below:
Security Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th
generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
Description: a memory corruption issue in the ASN.1 decoder was addressed by removing the
vulnerable code.
CVE-2021-30737: xerub
Audio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th
generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: this issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 (working with Trend Micro Zero Day Initiative)
ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th
generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: this issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu Security
Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th
generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: a malicious application may be able to execute arbitrary code with kernel privileges
Description: a logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th
generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to an unexpected application
termination or arbitrary code execution
Description: a memory corruption issue was addressed with improved state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th
generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to universal cross-site scripting
Description: a logic issue was addressed with improved state management.
CVE-2021-30689: an anonymous researcher
Looking ahead, it stands to reason that subsequent iOS 14 updates will be few and far in between. Especially with iOS 15 set to be unveiled at WWDC in about a week, any exciting new iOS features Apple has in the works will be part of that release later this year.
source