If you haven’t checked for updates on your iPhone and iPad in a while, today is a good day to do that, because Apple’s rather quietly released an important security fix.
As ZDNet points out, what looks like a typical and boring update to your Apple gear (iOS 14.7.1 and iPadOS 14.7.1) actually contains a fix for a security vulnerability.
The confusion may start when you see the update, which starts by mentioning an issue with Touch ID as it relates to a paired Apple Watch. Burying the lede, Apple goes on to mention “important security updates” that are explained in greater detail online.
The key line here, which requires some deep digging, is that the update fixes this problem: “An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.” The “actively exploited” is the key concern here.
The issue was actually discovered in March by security researcher Saar Amar; he offers a greater (and admittedly, incomprehensible to me) explanation here.
Gordon Kelly over at Forbes breaks it down into layman’s terms: “What Saar discovered is a memory corruption issue in the IOMobileFrameBuffer … which meant hackers could use it to execute malicious code on an iPhone or iPad. Given Apple didn’t even list the fix for an increasingly dangerous WiFi hack which secretly exists in iOS 14.7.1 but spells out this flaw specifically, it suggests the company views it as a clear and present danger.”
You’ll want to go to Settings > General > Software Update to get the fix in.
More Like This
Thanks for reading InsideHook. Sign up for our daily newsletter and be in the know.
