Apple has released iOS 14.5.1 and iPadOS 14.5.1 for compatible iPhone and iPad models to fix two zero-day security flaws in WebKit that allowed hackers to run malicious code on recently updated devices. The same security flaws exist for Macs and Apple Watch models, which have also received updates to macOS Big Sur 11.3.1 and watchOS 7.4.1, respectively. The Cupertino-based company also released iOS 12.5.3 for its older iPhone and iPad models to fix a total of four WebKit-related security issues, including the two flaws of day zero.
According to the details provided by a security post from Apple, iOS 14.5.1, and iPadOS 14.5.1 fix the two vulnerabilities that exist in the WebKit browser engine, which is designed to display web content in Safari, the App Store, Mail, and other applications. The vulnerabilities are listed as CVE-2021-30663 and CVE-2021-30665.
While CVE-2021-30663 is described as an integer overflow problem, CVE-2021-30665 is a memory corruption problem. Both vulnerabilities allow hackers to execute malicious code through specially crafted web content.
Apple said it was aware of reports that both security issues may have been actively used. Therefore, users are advised to download and install iOS 14.5.1 and iPadOS 14.5.1 updates on their devices.
The new updates also include an adjustment to application tracking transparency prompts.
“This update fixes an application tracking transparency issue where some users who have previously disabled” Allow apps to require tracking in settings “may not receive prompts from apps after reactivating it,” the description said. of the update.
In addition to iOS 14.5.1 and iPadOS 14.5.1, Apple has released macOS Big Sur 11.3.1 and watchOS 7.4.1. These updates are also designed to fix the two zero-day vulnerabilities that the company has patched for newer iPhone and iPad models through iOS and iPadOS updates.
Apple also brought iOS 12.5.3 for its older iPhone, iPad and iPod touch models, namely iPhone 5s,, iPhone 6,, iPhone 6 Plus,, iPad Air,, iPad mini 2,, iPad mini 3, and iPod touch (6th generation). That amendments vulnerabilities in CVE-2021-30663 and CVE-2021-30665, along with two additional zero-day defects affecting WebKit, which are recorded as CVE-2021-30666 and CVE-2021-30661.
New security updates come just a week after Apple released iOS 14.5, iPadOS 14.5, macOS Big Sur 11.3, watchOS 7.4 and tvOS 14.5 for compatible devices. The company has also stopped signing iOS 14.4.2, which means that users will not be able to upgrade to an earlier version of iOS from iOS 14.5 or iOS 14.5.1 if they have already updated their Apple devices.
How to download iOS 14.5.1, iPadOS 14.5.1, macOS Big Sur 11.3.1, watchOS 7.4.1
IOS 14.5.1 and iPadOS 14.5.1 can be downloaded via Settings > Total > Software updates for valid iPhone and iPad models. For MacBook, iMac, Mac mini and other Mac models, macOS Big Sur 11.3.1 can be downloaded by logging in System preferences > Software update after you click the Apple menu icon in the upper-left corner of your computer screen. You can also find the latest macOS update by visiting Everything about this Mac setting from the Apple menu.
Apple Watch users can download the watchOS 7.4.1 update by going to My watch from the Watch app on their iPhone. The update can also be downloaded directly from the Apple Watch.