Critical security updates for iOS, iPadOS, and more
Apple has just released an important round of updates. The TL;DR is that the iOS, iPadOS, watchOS, and tvOS updates address vulnerabilities that are under active exploitation (according to reports). If you have a device running any of these operating systems, you should update immediately.
In the following article, we’ll give you some additional information about the security content of these updates:
iOS and iPadOS
Apple has just released iOS 14.4 and iPadOS 14.4. The updates address two separate security issues.
First, the updates contain a fix for a kernel vulnerability. The “kernel” is the core of the operating system, and so anything with the potential to affect it needs to be taken very seriously. This particular kernel flaw (CVE-2021-1782) can allow a malicious app to exploit a “race condition vulnerability” in order to gain elevated privileges on a device. Race condition vulnerabilities occur when the timing and sequence of events on a computer system can be used to produce unexpected results; under the right circumstances, bad actors can exploit race conditions to perform malicious actions.
The second patch fixes a problem with WebKit, which is the browser engine that powers Safari and other iOS and iPadOS browsers. According to Apple, the vulnerability can allow an attacker to run malicious code on an affected device. Here too, Apple has received reports of the vulnerability being exploited in the real world.
To update iOS or iPadOS, go to Settings > General > Software Update. Tap Download and Install to get the update; then click Install Now.
tvOS and watchOS
Apple has also released tvOS 14.4 and watchOS 7.3. The updates both address the same kernel vulnerability discussed above, and thus should be considered high-priority updates.
The tvOS update is available for Apple TV 4K and Apple TV HD; the watchOS update is available for Apple Watch Series 3 and later.
To update tvOS, open the Settings menu on your Apple TV. Go to System > Software Updates > Update Software. When you see the update, select Download and Install. Don’t disconnect your Apple TV until the process is complete.
To update watchOS, place your Apple Watch on its charger and make sure it’s connected to WiFi. Then go to Settings > General > Software Update, and tap Install when you see the update. Follow any onscreen instructions, and don’t restart your Apple Watch or exit the app until the update is complete.
iCloud (Windows) and Xcode
Apple has also released a patch for the Windows version of iCloud (as iCloud for Windows 12.0).
The update addresses vulnerabilities related to iCloud’s image handling framework; under the right conditions, processing a maliciously crafted image file could lead to code execution or memory corruption issues. The update is available for Windows 10 and later through the Microsoft Store.
Finally, Apple has released an update to Xcode. The update is available for macOS Catalina 10.15.4 and later. However, since Xcode is a software development tool used by programmers, this update is unlikely to be of much concern to most macOS users.
An update to macOS is expected soon; follow us on Twitter or LinkedIn for breaking news and updates related to Apple security.