Security fixes for macOS, iOS and more in Apple updates
Apple has released security fixes for macOS, iOS, WebKit, and its other OSes. Read on for details and update instructions.
iOS and iPadOS security updates
Apple has updated iOS as iOS 14.7 and iPadOS as iPadOS 14.7.
This time around, the iOS updates are receiving the most attention, due to an Amnesty International report published last week. The report showed how NSO Group’s spyware was being used on iPhones to target activists, journalists, and political figures around the world. (Related: Zero-click iMessage exploit used to hack journalists)
However, Apple didn’t mention vulnerabilities under active exploitation in their iOS update notes. That said, the notes did point out some significant security issues:
- Bugs in the audio processing framework that could have led to arbitrary code execution or crashes
- Bugs in the way iOS and iPadOS handle images and fonts that could have resulted in arbitrary code execution
- Kernal issues that could have allowed an attacker to bypass system security features
- A Wi-Fi issue that could have resulted in a crash or code execution if a device joined a malicious Wi-Fi network
In short, all users should update immediately. If you don’t have automatic updates enabled, the best way to find the update is to go to Settings > General > Software Update. When you’re ready, click Download and Install to update.
Security fixes for macOS
Apple also released an update for macOS Big Sur as macOS 11.5. The company issued updates for older OS versions as Security Update 2021-004 Catalina and Security Update 2021-005 Mojave.
The security fixes for macOS addressed some of the same issues as the iOS update. But in addition, the update patched some Mac-specific security flaws:
- An AMD Kernel issue that could have let an application execute code with kernel permissions
- Intel Graphics Driver issues that could have let a malicious app crash macOS, write to kernel memory, or execute code with kernel privileges
- A Kext Management issue that could have allowed a malicious app to bypass a user’s Privacy preferences
To update macOS Big Sur manually, first go to the Apple menu, and then to System Preferences > Software Update to find the update. When you’re ready to update, just click Update Now.
WebKit security updates
In addition to the updates mentioned above, Apple also fixed several WebKit bugs that could have led to arbitrary code execution.
WebKit is the browser engine used by Safari and by iOS web browsers — so any issue with WebKit is going to affect pretty much everything Apple.
As you might expect, the WebKit fixes were part of the macOS and iOS/iPadOS updates already discussed. In addition, they were included in Apple’s other security updates: Safari 14.1.2, watchOS 7.6, and tvOS 14.7. Users of these other Apple OSes should update now if they haven’t done so already.