



Apple officially released iOS 14.6 and macOS Big Sur 11.4 to users yesterday (May 24th). This is a broad update that spans new support for the Apple Card family, AirTag updates, and a staggering number of major fixes for security issues. Wobble on the “very serious” side of things.

Introduced last month, iOS 14.5 has a lot of attention-grabbing features aimed at changing the way you use your phone. With iOS 14.6, you can quickly afford to lose track of Apple’s updates, which seem endless at the moment. However, given the security issues summarized below, we recommend updating your smartphone to iOS 14.6.

The real point of iOS 14.6 is the numerous security fixes that address many critical vulnerabilities. These range from malicious audio files that can be exploited by malicious attackers to reveal sensitive personal information to the obvious weaknesses of iOS’s core services that provide malware entry points. Over.

Here’s everything you need to know about this latest security threat to macOS and iOS devices, and why you need to update your iPhone, iPad, and Mac as soon as possible.

How to update to iOS 14.6 now

To update iPhone software to iOS 14.6[設定]Go to[一般]Choose. next,[ソフトウェアアップデート]Tap. From here you should be able to update to iOS 14.6. The download is about 577MB, so it shouldn’t take long over Wi-Fi.

Security fix for macOS Big Sur 11.4

Apple counts 38 different flaws fixed in iOS 14.6 and iPad OS 14.6, some of which have multiple Common Vulnerabilities and Exposures (CVE) reference numbers.

Some of the same flaws have been fixed in macOS Big Sur 11.4, and Apple’s count has fixed 58 flaws. (MacOS 10.15 Catalina and 10.14 Mojave also have patches.)

The main security issue facing macOS is nasty malware that secretly takes screenshots of the user’s Mac and requires more urgent system updates.

During an investigation into the XCSSET malware first discovered in August 2020, cybersecurity firm Jamf said MacOS’s zero-day exploit (CVE-2021-30713) circumvented Apple’s transparency consent and control protection. I found it used by XCSSET.

This feature, which stands for TCC, sounds a virtual alarm when the app is operating in a way that can threaten user privacy, such as taking a photo or recording a keystroke. By circumventing this protection, the XCSSET malware can circumvent the protection measures for your privacy.

According to Jamf researchers, “exploits in question could allow an attacker to gain full disk access, screen recording, or other permissions without the explicit consent of the user.”

This is a very serious vulnerability. This is not only because unauthorized access to the user’s files can be exploited, but also because video and audio can be recorded directly from the victim’s computer while hijacking permissions for other apps.

This weakness is reportedly patched in the latest version of macOS Big Sur 11.4 released on Monday (May 24th). You can get the latest macOS Big Sur update from the Mac App Store.

iOS 14.6: WebKit update

Once again in the limelight is our old friend WebKit. WebKit is the engine behind Apple’s Safari browser, which has already been seriously scrutinized for security vulnerabilities earlier this year and is no stranger to bad news.

The vulnerability is a cross-site scripting attack against iPhone users. Here, hackers can steal internet cookies and sessions in Safari and effectively break into a complete hijacking of your account. According to The Register, the bug hunter has identified seven vulnerabilities in the browser engine and “includes two that allow arbitrary code execution.”

iPhones and iPads can be compromised by these malicious web pages and pinch details and sensitive information. Apple has listed six fixes to WebKit in iOS 14.6 to prevent these attacks and to stop “maliciously created web content” for universal cross-site scripting.

Apple’s watchOS and tvOS have also received security updates to fix many of the same issues.

Too little, too late?

Apple states that it is aware of reports that three macOS and tvOS zero-day vulnerabilities (CVE 2021-30663, 30665, and 30713) “may have been actively exploited.” In other words, these are “zero-day” flaws in that they are exploited by attackers before the defender provides a fix.

However, Apple stopped adding more information about who could have exploited these security holes before the fix was released. These three flaws don’t seem to be found on iOS, iPadOS, watchOS, macOS Catalina, and Mojave.

All these operational statements are to update your iPhone, iPad, Mac, Apple Watch, and Apple TV now. There is a powerful set of update steps on how to upgrade to the iOS 14.6 Guide if you get stuck.

