Apple recently released iOS 14.5, along with security fixes for a whopping 50 vulnerabilities.
The fixes in iOS 14.5 are the fourth major security update released by Apple in 2021 and certainly the largest in terms of volume.
The vulnerabilities fixed in iOS 14.5 include an issue with WebKit Storage, where processing maliciously crafted web content may lead to arbitrary code execution, according to an Apple support document. Apple says this vulnerability, labelled CVE-2021-30661 “may have been actively exploited.”
Sean Wright, SME Application Security Lead at Immersive Labs says: “There are quite a few vulnerabilities, and some of them are remote code execution (RCE), meaning an attacker would be able to execute commands on your device, effectively having full control over your iPhone—this is especially possible if they chain some of the vulnerabilities together to achieve it”.
It is important that you and others in your organization update your devices as soon as possible.
Please note that updates are not always automatically applied. Information on how to update your devices can be found on the apple website
TC120847(0521)1
