Apple on Monday released updates for iOS, iPadOS, watchOS, and macOS. The updates contain security patches, while iOS and iPadOS also has a fix for an issue with App Tracking Transparency.
The Webkit fix is especially important. Apple’s security update document states that it fixes a flaw where, “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” Two phrases you never want to hear in a security update are “arbitrary code execution” and “may have been actively exploited,” so it’s important that users update as soon as possible.
How to install the updates
Before updating, it’s a good idea to back up your data, just in case the update causes problems. To install the update, you need an internet connection. Also, your device will need to restart in order to finish the installation. Here are the steps.
iPhone and iPad
- Open the Settings app
- Tap on General and then Software Updates.
- You can tap Learn more to read the release. To perform the installation, tap Download and Install.
Mac
- Click on the Apple menu.
- Select About this Mac.
- In the window that appears, go to the Overview tab if it’s not already open.
- Click on the Software Update button. This will open the Software Update system preference.
- You can click the More info link if you want to learn more about the update.
- When you are ready to install, click on the Update Now button. The installation takes several minutes, depending on the speed of the internet connection.
Apple Watch
- On your iPhone, launch the Watch app.
- Tap General.
- Tap Software Update. The app will look for the update online.
- When the app finds the update, you’ll see a screen with the release notes. Under the notes, tap Download and Install.
Notes on the security fixes
Apple’s security notes state that the follow are fixed in the updates.
WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30665: yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA
WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: An integer overflow was addressed with improved input validation.
CVE-2021-30663: an anonymous researcher
App Tracking Transparency fix in iOS and iPadOS
The following are the release notes for iOS and iPadOS 14.5.1
This update fixes an issue with App Tracking Transparency where some users who previously disabled Allow Apps to Request to Track in Settings may not receive prompts from apps after re-enabling it. This update also provides important security updates and is recommended for all users.