Apple has started rolling out security updates for various devices in its range of devices. The updates are designed to fix two zero-day vulnerabilities in WebKit, Apple’s browser engine that supports Safari, and all iOS and iPadOS web content in apps, including Mail and the App Store. Apple released the new security updates just a week after the latest updates were introduced, which attackers could use to execute malicious code.
The company has released iOS 14.5.1 and iPadOS 14.5.1 for various iPhone and iPad models, as well as macOS Big Sur 11.3.1 and watchOS 7.4.1 for its Mac computers and Apple Watch, respectively. Apple has also started rolling out iOS 12.5.3 for various older iPhone and iPad models, which will address four security issues related to WebKit.
Apple has provided details on the new firmware updates in a post stating that iOS 14.5.1 and iPadOS 14.5.1 fix two vulnerabilities prevalent in the WebKit browser engine that is used to render web content in Safari, App Store, is provided. Mail among others. The vulnerabilities are listed as CVE-2021-30663 and CVE-2021-30665. CVE-2021-30663 is said to be an integer overflow problem, while CVE-2021-30665 poses a memory corruption problem. The company said it was aware of reports of both security issues.
Apple has recommended that users download and install the updates for iOS 14.5.1 and iPadOS 14.5.1 on their devices to fix the security issues. Apple’s new update also fixes issues with a bug in the newly released app tracking transparency feature that was introduced in the previous version. Some users have reported that the feature continues to have issues even after the update.