Apple’s iOS 14.7 has arrived, along with some cool new features. But iOS 14.7 also comes with a warning to update now, because it includes some important security fixes for 37 iPhone vulnerabilities.
The iOS 14.7 update arrived a couple of days ago, but it was missing the crucial list of security fixes that usually come alongside iOS upgrades. Strangely, iPadOS 14.7 was nowhere to be seen, but this has now been issued along with the list of security fixes.
Issues fixed by iOS 14.7 include four in WebKit, the engine that powers the Safari browser, which require someone to download a malicious file or content. IOS 14.7 also fixes a known issue where joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution.
There are a worrying number of code execution vulnerabilities, says Sean Wright, SME security lead at Immersive Labs. While not all of them are remotely executable—ie the attack can’t be performed without physical access to the device—he says some some “could be chained with other vulnerabilities or techniques to exploit.”
The list of security issues fixed in iOS 14.7 and iPad 14.7 do not mention Pegasus—the spyware that hit the news over the weekend that can take advantage of a weakness in Apple’s iMessage. A compromise of someone’s iPhone is worryingly possible via a “zero click attack”—via a iMessage media message that requires no interaction from the user. Watch out as there could be another security fix coming soon, possibly in iOS 14.7.1.
The list of vulnerabilities addressed in iOS 14.7 is all the detail we have, since Apple prefers to wait before revealing too much information. This gives time for as many people as possible to update their iPhones before malicious actors can get their hands on the details.
The release of iOS 14.7 is the latest in a whole bunch of security updates issued by Apple this year. In May, the previous update, iOS 14.6, fixed 43 iPhone security vulnerabilities. Earlier in May, the 14.5.1 emergency update fixed issues that may have already been used by malicious adversaries to attack iPhones.
iOS 14.7: Don’t wait to update
Many people prefer to wait before applying iOS upgrades, but when it comes to security, it’s integral that you update now to iOS 14.7. Sadly, iOS 14.7 does come with several bugs, but preventing your iPhone being hacked is a more urgent priority.
Based off the sheer number of code execution vulnerabilities—with some being remotely exploitable—Wright “highly recommends” you update to version 14.7 of iOS and iPadOS as soon as you can.
I agree, and it doesn’t take long to do it now.
To update your phone go to Settings > General > Software Update and follow the prompts.
In iOS 15, there’ll be no excuse not to apply security updates, because they will be separate from features upgrades. But for now, you need to update to iOS 14.7 as soon as possible to keep your iPhone safe.