![]() On your iPhone or iPad: Settings > General > Software Update.Could let other users read or modify content that should be off-limits. Could let an otherwise innocent app escape from its security controls. Could spill secrets such as encryption keys, or leak memory addresses that help to bypass address space layout randomisation (ASLR). Could reveal network traffic to people who shouldn’t be able to see it. Could lead to Apple’s rudimentary built-in anti-virus allowing malware to sidestep its checks. Could lead to you being tracked when you thought you couldn’t be. Could lead to a complete jailbreak of device security. The security fixes in this round of updates close off holes that include: The patches include many that don’t immediately sound as serious as Log4Shell (because they aren’t actively and aggressively being abused already), but that could in theory have been even worse (because they involve more serious side-effects, such as potential full kernel compromise). The bad news, perhaps, is that there are plenty of other vulnerabilities that were patched by Apple. The good news, if you want to think of it that way, is that it isn’t: we didn’t see mention of the text CVE-2021-44228, Log4Shell or Log4j anywhere in any of the abovementioned bulletins. (Apple, as you know, has an official policy of saying as little as possible about updates and update cycles, so we shall have to wait and see.)Īs you can imagine, given the timing of this update, our first thought was to jump straight to the bulletins above and search for CVE-2021-44228, better known as Log4Shell, to see if the cybersecurity crisis currently circulating the globe was behind these patches. ![]() In the past, we’ve noticed an apparent correlation between delayed updates for individual platforms and delayed listings on HT201222, but we have no idea whether that is coincidence rather that true correlation, or a desire on Apple’s part to hold off updating the central listing until all the new versions can be displayed in one go. …but we did notice that Apple’s main security noticeboard page, HT201222, still doesn’t mention the updates listed above. Observant readers will notice that the URLs in the list above form an unbroken numeric sequence except for a gap at HT212977, so whether that’s a space left open for a delayed update for iOS 14 or not we can’t tell you… The updated versions you’re looking for are:Īs for iOS 14 and iOS 12, which are the official previous and pre-previous iPhone operating systems (in the same way that Big Sur and Catalina are the previous incarnations of macOS), there’s no sign of any updates for them. …but it’s also time to check your Apple devices, because Apple just pushed out a slew of its they-arrive-when-they’re-ready-and-don’t-expect-any-warning security patches. Not only is it Patch Tuesday (keep your eye on our sister site for the latest on that score later in the day)… Amongst all the brouhaha about Log4Shell, it’s easy to forget all the other updates that surround us.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |