According to Apple, the processing of maliciously prepared content could result in the execution of arbitrary code on a device, that is, it would give a hacker the power to run a program on the victim's system.
- AirDrop flaw leaks users' email addresses and phones
- Cellebrite: software used in the Henry Borel case has several security flaws
- Man sues police after being mistakenly arrested for facial recognition failure
The bug in question is CVE-2021-30665. The Mac OS “Big Sur” update fixes a second bug, which can also result in code execution, and is the result of an “overflow” in the processing of integers. This fault has the code CVE-2021-30663.
More details about the updates are available at security page from Apple.
What's new in iOS 14.5
IOS 14.5 was launched a week ago. The most prominent, and also the most controversial, feature in this version is the App Tracking Transparency (ATT): apps now need to get user permission before tracking their data on third party apps or websites for advertising or to share their data with data brokers. In settings users will be able to see which apps have requested permission to crawl, so they can change their choices at any time.
In addition to ATT, the new version of iOS also brings the ability to unlock the iPhone with the Apple Watch if you're wearing a face mask, more diverse voices for Siri, skin tone options to better represent emoji couples, and lots of more.