Apple’s iOS 14.6 has just arrived, along with some cool new features. But the latest iPhone update also fixes a whopping 43 security vulnerabilities, some of which are pretty serious.
The launch of iOS 14.6 comes just weeks after iOS 14.5.1, a mid-cycle emergency security update, which fixed a number of issues that hackers had been already using to attack iPhones.
Thankfully, it doesn’t appear the security issues fixed in iOS 14.6 have been exploited by hackers yet. In other words, the security holes are there, but adversaries don’t yet appear to have the details.
Apple doesn’t tend to give much detail about security fixes, because the iPhone maker prefers to wait until a large proportion of users have updated their phones first. Among the vulnerabilities addressed in iOS 14.6, the most serious appear to be in WebKit, the engine that powers Apple’s Safari browser. WebKit has also been at the center of multiple other security issues fixed by Apple this year.
The two remote code execution flaws in WebKit could potentially be combined with others such as the kernel arbitrary code execution issues fixed in iOS 14.6 to gain kernel level access, says Sean Wright, SME application security lead at Immersive Labs. “This is pretty much as bad as it gets,” he says.
Wright also picks out another concerning issue, labelled CVE-2021-30737, “which is the ability to execute code via a certificate.”
This is a problem because it could potentially lead to it being remotely exploitable, he warns. “Again it could be chained with some of the higher level vulnerabilities to lead to a compromise of the entire device.”
iOS 14.6: Why you should update now
As well as offering you a host of new features, iOS 14.6 is another big security update for your iPhone. With this in mind, Wright advises iPhone users to update “as soon as possible.”
But at the same time, Wright points out, there are two pieces of good news: “There’s an update available to address these issues, and as far as we can tell, none of the vulnerabilities are being actively exploited.”
The iOS 14.6 upgrade also fixes a number of bugs, including an issue that meant Unlock with Apple Watch wasn’t working properly for iPhone users trying out the new mask friendly iOS 14.5 feature.
You know what to do: it’s a good idea to update your iPhone to iOS 14.6 right now to ensure it’s as safe as possible.