Apple has started rolling out security updates for various devices in its device lineup. The updates are said to patch two zero-day security flaws in WebKit, Apple’s browser engine that powers Safari, and all iOS and iPadOS web content in apps including Mail and App Store among others. Apple has released the new security updates just one week after rolling out its last set of updates, which allowed attackers to execute a malicious code.
The company has released iOS 14.5.1 and iPadOS 14.5.1 for various iPhone and iPad models and also released macOS Big Sur 11.3.1 and watchOS 7.4.1 for its Mac computers and Apple Watch respectively. Apple has also started rolling out, iOS 12.5.3 for various older iPhone and iPad models which will fix four WebKit-related security issues.
Apple, in a post, provided details on the new firmware updates stating that iOS 14.5.1 and iPadOS 14.5.1 will fix two vulnerabilities that are prevalent in the WebKit browser engine, which is meant for rendering Web content in Safari, App Store, Mail among others. The vulnerabilities are listed as CVE-2021-30663 and CVE-2021-30665. The CVE-2021-30663 is said to be an integer overflow problem while the CVE-2021-30665 is a memory corruption issue. The company has stated that it was aware of reports of both the security issues.
Apple has recommended users download and install the iOS 14.5.1 and iPadOS 14.5.1 updates on their devices to fix the security issues. Apple’s new update also fixes problems with a bug in the newly released App Tracking Transparency feature, which was rolled out in the previous version. Some users have reported that the feature is still having issues even after the update.