New iPhone Bugs Can Expose Sensitive Information: How to Download iOS 14.6 to Fix

New iPhone Bugs Can Expose Sensitive Information: How to Download iOS 14.6 to Fix
Apple quickly rolled out the iOS 14.6, merely weeks after the release of iOS 14.5.1, as a response to the iPhone bugs and security issues that had hackers attacking users. Photo : Ming Yeung/Getty Images

Apple quickly rolled out the iOS 14.6, merely weeks after the release of iOS 14.5.1, as a response to the security issues that had hackers attacking iPhone users.

iPhone Bugs and Security Issues

The new iOS update addresses 43 security vulnerabilities, per Forbes. Several of which were quite serious. Hackers have exploited the weaknesses in iOS 14.5.1 and could be potentially dangerous for the victims.

The most serious vulnerability iOS 14.6 took care of is found in the WebKit. The engine behind Apple's Safari browse has already been heavily scrutinized for its security vulnerabilities last year, Forbes shared. In the latest report, there are two remote code execution flaws found in WebKit that can be exploited.

According to Tom's Guide, some of the security faults found include malicious audio files that can be exploited by attackers to reveal sensitive personal information, as well as shocking weaknesses in iOS' Core Services that can give way for malware to enter.

Sean Wright, SME application security at Immersive Labs, pointed out how those flaws combined with other issues like a kernel arbitrary code execution can allow kernel-level access to your devices. He also emphasized a concerning issue labeled "CVE-2021-30737" that could potentially lead to devices being remotely accessed and exploited because the issue allows for the execution of code via a certificate.

"Again it could be chained with some of the higher level vulnerabilities to lead to a compromised device," Wright told Forbes.

Cross-site scripting attacks can allow hackers to steal your internet cookies and sessions in Safari and grab access to a full hijacking of your account. Malicious web pages can also easily take details and sensitive information.

Read Also: Apple macOS Malware Can Access Your Webcam! Install Update 11.4 to Fix Now

Fixes for macOS Big Sur 11.4

Some of the same flaws found and fixed by iOS 14.6 and iPadOS 14.6 are also being addressed by the macOS Big Sur 11.4. Tom's Guide shared 58 flaws were patched by Apple. Users with macOS 10.15 Catalina and 10.14 Mojave reportedly got patches as well.

Among the security breaches is a terrible malware that secretly takes screenshots of users' Macs. The malware strain can bypass Apple's Transparency Consent and Control (TCC) protections, the cybersecurity firm Jamf revealed.

The TCC is the virtual alarm that sounds off when an app is misbehaving and could potentially threaten users' privacy. And the XCSSET malware was able to get around that.

"The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user's explicit consent," Jamf researchers warn.

That's a serious vulnerability, one that can be very harmful to the victim.

Update to iOS 14.6 Now

iPhone, iPad, and Mac users should update their devices now, especially if they have previously downloaded the compromised OS. Apple's watchOS and tvOS also had recent updates to patch up similar vulnerabilities.

It is unclear how actively and heavily exploited Apple users with compromised devices, but it is in everyone's best interest to update your devices right now.

iPhone and iPad users can do so by heading over to Settings>General>Software Update and click "Update Now." Apple Watch users can update their watches from their phones.

Mac users can do so by heading over to the Apple Menu and click on Software Updates. Apple TV users can head over to Settings>System>Software Updates.

Related Article: Apple AirTag Gets Security Update to Protect Your Phone Number From Strangers: How to Install iOS 14.6

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

Company from iTechPost

More from iTechPost