Date: 2021-05-03



2020 iPhone lineup. From left to right: iPhone 12 Pro Max, iPhone 12 Pro, iPhone 12, iPhone SE, and iPhone 12 mini.

A week after Apple issued its largest iOS and iPadOS update since the September release of version 14.0, the company has released a new update that patches two zero-days that allowed attackers to execute malicious code on fully up-to-date devices. Monday's release of version 14.5.1 also fixes a bug in the newly released App Tracking Transparency feature that rolled out in the previous version.

Both vulnerabilities exist in WebKit, the browser engine that renders web content in Safari, Mail, the App Store, and other select apps running on iOS, macOS, and Linux. The two zero-days are tracked as CVE-2021-30663 and CVE-2021-30665. Last week, Apple fixed CVE-2021-30661, another code execution flaw in iOS WebKit that may also have been actively exploited.

Processing maliciously crafted web content can lead to arbitrary code execution, Apple said in a security note describing the flaw. Apple said it is aware of reports that this issue may have been actively exploited.

CVE-2021-30665 was discovered by researchers at Qihoo 360, a security company based in China. The other vulnerabilities were discovered by anonymous sources. Apple did not provide details about who is using the exploits or who is being targeted.

Coveted by black hats and feared by defenders

According to statistics from Google’s Project Zero vulnerability research team, the three recently patched iOS vulnerabilities bring to seven the number of zero-days actively exploited against iOS users. To date, a total of 22 zero-days have been discovered in 2021, with nearly 33% of them targeting Apple's mobile operating system. This makes iOS the second most targeted software in this year’s zero-day attacks, behind only Chrome, which had eight zero-days.

Zero-days are eagerly coveted by black hats and feared by defenders because they are unknown to the developers of the vulnerable software and to the general public. This means that anyone who discovers such a security flaw can use it to hack a fully up-to-date device. In many cases, there is little or no detection.

Apart from this, 14.5 fixes a bug where some users don’t see the App Tracking Transparency prompt.

This update fixes an issue with App Tracking Transparency where some users who previously disabled Allow Apps to Request to Track in Settings may not receive prompts from apps after re-enabling it. This update also provides important security updates and is recommended for all users.

Apple released App Tracking Transparency in last week’s release of iOS 14.5. The addition has caused a fuss with Facebook because it prevents the company's apps from tracking user activity across other apps that users have installed unless they give explicit permission. A second bug can cause the App Tracking Transparency toggle in the settings menu to be grayed out. There are many reports that the toggle remains grayed out for many users even after updating to iOS 14.5.1. Apple representatives didn’t immediately respond to requests for comment.

