Security News > 2021 > October > Apple Patches Critical iOS Bugs; One Under Attack
Apple lovers who haven't yet updated to iOS 15, you may want to pop into Settings to freshen up your iPhone now: Apple has released several critical security updates that might light a fire under your britches.
On Monday and Tuesday, Apple released iOS 14.8.1, iPadOS 14.8.1, watchOS 8.1 and tvOS 15.1, patching 24 CVEs in total.
Apple's security page has all the details about the CVEs, which include multiple issues in iOS components that, if exploited, could lead to arbitrary code execution, sometimes with kernel privileges that would let an attacker get to the heart of the operating system.
Understandably, Apple keeps a lid on details that might help more attackers do damage.
Malwarebyte Labs has a nice rundown on other security-related bugs that stand out in the two dozen CVEs Apple addressed this week.
Earlier this year, Apple announced that it was giving users a choice: They could update to iOS 15 as soon as it's released, or stay on iOS 14 but still get important security updates until they're ready to upgrade.
News URL
https://threatpost.com/apple-patches-ios-bugs/175803/
Related news
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Apple plugs security hole in its iThings that's already been exploited in iOS (source)
- New Apple CPU side-channel attacks steal data from browsers (source)
- New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple warns 'extremely sophisticated attack' may be targeting iThings (source)