Security News > 2021 > April > Apple iOS 14.5 Patches 50 Security Vulnerabilities
Apple on Monday shipped the long-awaited iOS and iPadOS 14.5 update with patches for at least 50 documented security vulnerabilities.
The patch, which is currently being rolled out via iOS and iPadOS automatic-updating mechanism, includes cover for a WebKit vulnerability that Apple believes may have been exploited in the wild by attackers.
The company did not provide any additional details on the report of active exploitation beyond a one-line acknowledging a researcher from a Chinese security research lab for the discovery.
The iOS and iPadOS 14.5 rollout also fixes multiple high-risk "Arbitrary code execution" vulnerabilities across a range of mobile operating system components, including bugs in FontParser and ImageIO. An interesting observation from this mega-patch release is the volume of vulnerabilities reported by researchers attached to Chinese companies and security research labs.
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series.
Ryan has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and Kaspersky GReAT. He is a co-founder of Threatpost and the global SAS conference series.
News URL
Related news
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries (source)
- The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short (source)
- Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones (source)
- iOS 18 added secret and smart security feature that reboots iThings after three days (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package (source)