In the latest Apple developments, Apple has released an iOS 14 update that has patched two ios zero day vulnerabilities within the OS and updates for an app tracking transparency issue.
The update comes only weeks after the tech giant issued an update of iOS 14.0 and IPadOS 14.0.
Malicious ios Zero-Days:
The update patch was released on Monday and updated with version no 14.5.1 which addressed the two ios zero days.
The ios zero days had the potential to facilitate malicious actors with malicious code execution abilities.
Subsequently, the update also fixes problems with a bug in the newly released App Tracking Transparency feature rolled out in the previous version.
Both the zero-days tracked as within the iOS and IPadOS, CVE-2021-30663 and CVE-2021-30665, exist in Webkit which is a browser engine that yields web content in Safari, Mail, App Store, and other select apps running on iOS, macOS, and Linux.
In the previous week, Apple has fixed a similar code-execution flaw, tracked as CVE-2021-30661, in the WebKit component of the iOS web browser section that could have been exploited.
“Processing maliciously crafted web content may lead to arbitrary code execution,” Apple said in its security notes, referring to the flaws. “Apple is aware of a report that this issue may have been actively exploited.” MacOS 11.3.1.
Staggering tally of Apple Zero-days:
Tallying the total number of the iOS zero day vulnerabilities found, the total comes to about 22 zero-day found in 2021 alone, as was researched by the Google Project Zero vulnerability research team.
Thus makes up about 33% of vulnerabilities found in the Apple iOS itself.
App Tracking Transparency bug:
The Monday update of Apple 14.5.1 has also deployed a patch for a flaw that made users unable to see App Tracking Trasperency prompts.
The App tracking transparency security patch deployed especially impacts Facebook since it prevents the company’s app from tracking user activity across other apps users has installed without explicit permission.