Apple has started rolling out updates to iPhones, iPads, and Macbooks. This time around, the updates fix two active security issues that could allow arbitrary code execution with kernel privileges. The updates also include new emojis and bug fixes. The update for iPhones is iOS 14.6.1, for iPads, it’s iPadOS 14.6.1, and for Macbooks, it’s macOS Big Sur 11.3.1. It is advised to update your device as soon as possible to avoid any potential risks or problems.
While these two exploitable security issues may not be something to worry about, they have been actively exploited by hackers, which could compromise your data or privacy. To better protect you against malicious website content or apps, this update comes with improved performance and better security for your Apple device. The update isn’t too heavy, so it won’t take a lot of time to update your device.
To update your iPhone and iPad to 14.6.1:
- Open device settings and head over to General.
- From there, tap on Software Update and then select Download and Install.
To update your Macbook to macOS Big Sur 11.3.1:
- Open System Preferences from the Apple Menu that appears in the upper-left corner of the screen.
- Click on Software Update and then check for the update. Update your Mac to the latest version of macOS Big Sur.
Apple has fixed two actively exploited security threats with the latest update:
iOSurfaceAccelerate
Devices above iPhone 8, iPad Pro (all generations), iPad Air 3rd Gen, iPad 5th Gen, and iPad Mini 5th Gen were impacted. An app may be able to execute arbitrary code with kernel-level privilege. This feature was often exploited, and this has been reported as CVE-2021-30713: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab. An out-of-bounds write issue was addressed with improved input validation.
WebKit
Devices above iPhone 8, iPad Pro (All Generation), iPad Air 3rd Gen, iPad 5th Gen, and iPad Mini 5th Gen were all impacted. Due to this, some web content may process malicious code, which can lead to arbitrary code execution. This was reported as WebKit Bugzilla: 254797 CVE-2023-28205. Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab described it as a use-after-free issue that was addressed with improved memory management.
Apple Fixed Watch Auto-Unlock Feature
The company also fixed the Apple Watch auto-lock feature and Siri responsiveness, which was reported by several users. To update your Apple Watch to the latest version:
- Open Apple Watch on your iPhone and then tap on the My Watch tab.
- From there, head over to General and then tap on Software Update. It will ask for authentication. After entering it, you need to wait for the update to complete.
- During the update process, don’t power off or restart your device. Once it finishes downloading and installing the update, then you can restart your Apple Watch.
If you have enabled auto-update, then your device is likely to get updated to the latest version overnight. However, for this, your device needs to have at least 50% battery and be connected to Wi-Fi. You should keep your device nearby.
If you have not updated your device yet, then Apple recommends users update their device as soon as possible. Apple acknowledges that these issues have been actively exploited. However, some users have reported that after the update, they have faced trouble with Safari on iPad. In this case, you can try restarting your device or clearing the cache. If you still have trouble with Safari on iPad, it is likely to be fixed with a Safari update. If you still face issues, please contact Apple support.
