Security News > 2021 > March > Apple May Start Delivering Security Patches Separately From Other OS Updates

Apple May Start Delivering Security Patches Separately From Other OS Updates
2021-03-17 01:33

Apple may be changing the way it delivers security patches to its devices running iOS and iPadOS mobile operating systems.

According to code spotted in iOS 14.5, the iPhone maker is reportedly working on a method for delivering security fixes independently of other OS updates.

While Google's Android has had monthly security patches rolled out that are completely divorced from the OS-related updates, iOS has traditionally bundled security updates along with an upgrade to the latest version of the OS. For instance, Apple rolled out iOS 14.4.1 earlier this month just to address one security vulnerability in WebKit that could have allowed adversaries to run arbitrary code on devices via malicious web content.

With this new setting called "Install Security Updates" added to the software update menu, it's expected that Apple will let users choose between either installing the entire iOS update or just the security updates, in a manner that echoes macOS. On Macs running older versions of the operating system such as macOS Mojave, Apple has offered standalone update packs, allowing users to get security patches and bug fixes while holding off before installing the latest macOS version available.

Given that iOS 14.5 is still in beta, it's still unclear how this feature will be implemented, but based on code references, it appears that users who have previously downloaded the security update may be prompted to delete it before installing another iOS update.

By separating security updates from feature-centric updates, the development could also pave the way for issuing out-of-band emergency fixes for devices not running the latest versions of iOS and iPadOS. iOS 14.5 is already shaping up to be quite a big privacy and security-focused update, what with the company planning to redirect all fraudulent website checks through its own proxy servers as a workaround to preserve user privacy and prevent leaking IP addresses to Google.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/TT-nJM5YFv4/apple-may-start-delivering-security.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 68 212 1433 2208 257 4110