Apple earlier this week released iOS 14.6, updates that seem small without all bells and whistles accompanying iOS 14.5 release at the end of April. However, the latest iOS update has a lot of security improvements, namely saying that you will be advised to immediately update your iPhone, even if your device has run smoothly.

All said, iOS 14.6 contains 43 security vulnerabilities, with some of those who guarantee serious attention. According to Apple supporting documents, the update discusses a handful of security vulnerabilities that can allow evil actors to execute the code on the device remotely.

As Sean Wright’s security experts told Forbes, the lack of security handled by the latest iOS updates “quite a lot as bad as what was obtained.”

Although there is no indication that one of the security issues registered Apple is actively exploited in the wild, it makes sense to update your device as soon as possible. As an interesting place, Apple noted that some shortcomings were excavated by security researchers who worked for micro trends, multi-national cybersecurity companies.

Some specific security and performance issues handled by updates are listed below:

Security

Available for: iPhone 6s and newer, iPad Pro (all models), iPad Air 2 and newer, the 5th generation iPad and newer, iPad mini 4 and newer, and iPod touch (generation to- 7)

Impact: Processing a malicious certificate can cause an arbitrary code execution

Description: The problem of memory corruption in the ASN.1 decoder is handled by removing the vulnerable code.

CVE-2021-30737: Xerub

Audio.

Available for: iPhone 6s and newer, iPad Pro (all models), iPad Air 2 and newer, the 5th generation iPad and newer, iPad mini 4 and newer, and iPod touch (generation to- 7)

Impact: Processing an evil-made audio file can cause an arbitrary code execution

Description: This problem is intended with an enhanced examination.

CVE-2021-30707: HJY79425575 (working with micro zero day trend initiatives)

Imageio.

Available for: iPhone 6s and newer, iPad Pro (all models), iPad Air 2 and newer, the 5th generation iPad and newer, iPad mini 4 and newer, and iPod touch (generation to- 7)

Impact: Processing an evil image can cause an arbitrary code execution

Description: This problem is intended with an enhanced examination.

CVE-2021-30701: Mickey Jin (@ Patch1T) from Trend Micro and Ye Zhang from Baidu Security

Core

Available for: iPhone 6s and newer, iPad Pro (all models), iPad Air 2 and newer, the 5th generation iPad and newer, iPad mini 4 and newer, and iPod touch (generation to- 7)

Impact: malicious applications may be able to execute the arbitrary code with kernel privileges

Description: The logic problem is handled by increasing validation.

CVE-2021-30740: Linus Henze (pinauten.de)

I / O model

Available for: iPhone 6s and newer, iPad Pro (all models), iPad Air 2 and newer, the 5th generation iPad and newer, iPad mini 4 and newer, and iPod touch (generation to- 7)

Impact: Processing USD files made evil can cause unexpected termination of applications or execution of the Arbitrary code

Description: Memory corruption problems are handled with enhanced status management.

CVE-2021-30725: Mickey Jin (@ patch1t) from the micro trend

Webkit.

Available for: iPhone 6s and newer, iPad Pro (all models), iPad Air 2 and newer, the 5th generation iPad and newer, iPad mini 4 and newer, and iPod touch (generation to- 7)

Impact: Processing evil web content can cause universal cross site scripts

Description: The logic problem is handled with enhanced status management.

CVE-2021-30689: An anonymous researcher

In the future, he stands for the reason that the next iOS 14 update will be a little and far between them. Especially with the iOS 15 sets will be launched at WWDC in about a week, each new iOS feature that attracts Apple in works will be part of the release later this year.

Leave a Reply

Your email address will not be published. Required fields are marked *