Apple earlier this week released iOS 14.6, updates that seem small without all bells and whistles accompanying iOS 14.5 release at the end of April. However, the latest iOS update has a lot of security improvements, namely saying that you will be advised to immediately update your iPhone, even if your device has run smoothly.
All said, iOS 14.6 contains 43 security vulnerabilities, with some of those who guarantee serious attention. According to Apple supporting documents, the update discusses a handful of security vulnerabilities that can allow evil actors to execute the code on the device remotely.
As Sean Wright’s security experts told Forbes, the lack of security handled by the latest iOS updates “quite a lot as bad as what was obtained.”
Although there is no indication that one of the security issues registered Apple is actively exploited in the wild, it makes sense to update your device as soon as possible. As an interesting place, Apple noted that some shortcomings were excavated by security researchers who worked for micro trends, multi-national cybersecurity companies.
Some specific security and performance issues handled by updates are listed below:
Security
Available for: iPhone 6s and newer, iPad Pro (all models), iPad Air 2 and newer, the 5th generation iPad and newer, iPad mini 4 and newer, and iPod touch (generation to- 7)
Impact: Processing a malicious certificate can cause an arbitrary code execution
Description: The problem of memory corruption in the ASN.1 decoder is handled by removing the vulnerable code.
CVE-2021-30737: Xerub
Audio.
Available for: iPhone 6s and newer, iPad Pro (all models), iPad Air 2 and newer, the 5th generation iPad and newer, iPad mini 4 and newer, and iPod touch (generation to- 7)
Impact: Processing an evil-made audio file can cause an arbitrary code execution
Description: This problem is intended with an enhanced examination.
CVE-2021-30707: HJY79425575 (working with micro zero day trend initiatives)
Imageio.
Available for: iPhone 6s and newer, iPad Pro (all models), iPad Air 2 and newer, the 5th generation iPad and newer, iPad mini 4 and newer, and iPod touch (generation to- 7)
Impact: Processing an evil image can cause an arbitrary code execution
Description: This problem is intended with an enhanced examination.
CVE-2021-30701: Mickey Jin (@ Patch1T) from Trend Micro and Ye Zhang from Baidu Security
Core
Available for: iPhone 6s and newer, iPad Pro (all models), iPad Air 2 and newer, the 5th generation iPad and newer, iPad mini 4 and newer, and iPod touch (generation to- 7)
Impact: malicious applications may be able to execute the arbitrary code with kernel privileges
Description: The logic problem is handled by increasing validation.
CVE-2021-30740: Linus Henze (pinauten.de)
I / O model
Available for: iPhone 6s and newer, iPad Pro (all models), iPad Air 2 and newer, the 5th generation iPad and newer, iPad mini 4 and newer, and iPod touch (generation to- 7)
Impact: Processing USD files made evil can cause unexpected termination of applications or execution of the Arbitrary code
Description: Memory corruption problems are handled with enhanced status management.
CVE-2021-30725: Mickey Jin (@ patch1t) from the micro trend
Webkit.
Available for: iPhone 6s and newer, iPad Pro (all models), iPad Air 2 and newer, the 5th generation iPad and newer, iPad mini 4 and newer, and iPod touch (generation to- 7)
Impact: Processing evil web content can cause universal cross site scripts
Description: The logic problem is handled with enhanced status management.
CVE-2021-30689: An anonymous researcher
In the future, he stands for the reason that the next iOS 14 update will be a little and far between them. Especially with the iOS 15 sets will be launched at WWDC in about a week, each new iOS feature that attracts Apple in works will be part of the release later this year.