Apple released “important security updates” for iOS on Friday evening: iPhone and iPad owners can download iOS and iPadOS versions 14.4.2 and iOS 12.5.2. The latter is intended for certain older iPad model series and primarily iPhone 6 and 5s, for which Apple continues to provide updates in the event of particularly serious weaknesses. The manufacturer recommends the installation to all users.
WatchOS version 7.3.3 is also available for installation at the same time. iOS 13 has not received any updates so far, users should update to iOS 14.
Second iOS security update in March
It is already the second security patch for iOS in March. iOS 14.4.1 plugged a serious vulnerability in Apple’s browser engine WebKit, which enables a remote attacker to smuggle in malicious code when a manipulated website is accessed. However, no update for iOS 12 was included here.
Which bugs and security holes iOS 14.4.2, iOS 12.5.2 and watchOS 7.3.3 eliminate remains unclear for the time being. It can be assumed that the updates close loopholes that may already be actively exploited for attacks. Immediately importing the new versions seems to be recommended.
At the time of going to press, Apple had not yet published the relevant information on plugged vulnerabilities and the corresponding CVE numbers; they should follow later on Friday evening – at the beginning usually only in the English-language version of the support document.
iOS 14.5 will follow soon
At the same time, Apple has been testing the next major update for iOS 14 for several weeks: Version 14.5 brings a number of important innovations, including the option to unlock iPhones via Apple Watch – practical when wearing a face mask that disables Face ID. The update is also supposed to implement Apple’s tracking transparency initiative: Apps first have to obtain permission for advertising tracking. All details about the new functions of iOS 14.5 can be found in Mac & i issue 2/2021, which will be available from April 8th.
[Update 26.03.21 19:39 Uhr:] According to Apple, the updates iOS and iPadOS 14.4.2 as well as iOS 12.5.2 and watchOS 7.3.3 fill exactly one WebKit gap. This has the CVE ID 2021-1879 and concerns a universal cross-site scripting problem that could be exploited via “malicious web content”. Apple is aware of a report that this is already “actively” being done. The bug was discovered by two employees of the Google Threat Analysis Group.