Apple quickly rolled out iOS 14.6, mere weeks after the release of iOS 14.5.1, in response to security issues that had hackers attacking iPhone users.
iPhone Bugs and Security Issues
The new iOS update addresses 43 security vulnerabilities, per Forbes, several of which were quite serious. Hackers have exploited the weaknesses in iOS 14.5.1, which could be dangerous for the victims.
The most serious vulnerability iOS 14.6 took care of is found in WebKit. The engine behind Apple's Safari browser was already heavily scrutinized for its security vulnerabilities last year, Forbes shared. In the latest report, there are two remote code execution flaws found in WebKit that can be exploited.
According to Tom's Guide, the security faults found include flaws that let attackers use malicious audio files to reveal sensitive personal information, as well as shocking weaknesses in iOS' Core Services that can give malware a way in.
Sean Wright, SME application security at Immersive Labs, pointed out how those flaws, combined with other issues like a kernel arbitrary code execution flaw, can allow kernel-level access to your devices. He also emphasized a concerning issue labeled "CVE-2021-30737" that could potentially lead to devices being remotely accessed and exploited, because the issue allows for the execution of code via a certificate.
"Again it could be chained with some of the higher level vulnerabilities to lead to a compromised device," Wright told Forbes.
Cross-site scripting attacks can allow hackers to steal your cookies and sessions in Safari and fully hijack your account. Malicious web pages can also easily take details and sensitive information.
Fixes for macOS Big Sur 11.4
Some of the same flaws found and fixed by iOS 14.6 and iPadOS 14.6 are also addressed by macOS Big Sur 11.4. Tom's Guide shared that 58 flaws were patched by Apple. Users with macOS 10.15 Catalina and 10.14 Mojave reportedly got patches as well.
Among the security issues is malware that secretly takes screenshots of users' Macs. The malware strain can bypass Apple's Transparency, Consent, and Control (TCC) protections, the cybersecurity firm Jamf revealed.
TCC is the virtual alarm that sounds when an app is misbehaving and could threaten users' privacy, and the XCSSET malware was able to get around it.
"The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user's explicit consent," Jamf researchers warn.
That's a serious vulnerability, one that can be very harmful to the victim.
Update to iOS 14.6 Now
iPhone, iPad, and Mac users should update their devices now, especially if they have previously downloaded the compromised OS. Apple's watchOS and tvOS also had recent updates to patch up similar vulnerabilities.
"Apple has released iOS 14.6 with Apple Card Family, Podcasts subscriptions, and more. iPadOS 14.6, watchOS 7.5, macOS Big Sur 11.4, and tvOS 14.6 are available as well." Apple Hub (@theapplehub), May 24, 2021
It is unclear how actively and heavily Apple users with compromised devices have been exploited, but it is in everyone's best interest to update devices right now.
iPhone and iPad users can do so by heading over to Settings > General > Software Update and clicking "Update Now." Apple Watch users can update their watches from their phones.
Mac users can do so by heading over to the Apple Menu and clicking on Software Updates. Apple TV users can head over to Settings > System > Software Updates.