Latest Apple iOS update fixes security flaw that's already been exploited

Joe White

Posts: 57   +0
Staff
What just happened? If you’re anything like me, you might occasionally put off downloading iOS and iPadOS updates for a day or a week—especially small ones. But Apple’s most recent update for iPhone and iPad is one you should prioritize. It fixes a security flaw that is being actively exploited by malicious individuals out in the wild.

Another day, another security exploit. Apple explains in a security document that the minor update—iOS 14.4.2 and iPadOS 14.4.2—blocks “maliciously crafted web content [that] may lead to universal cross site scripting.” This means a malicious website could gain access to information on other pages you have open on your device. Older devices can download iOS 12.5.2, which includes a similar patch.

Apple goes on to add that this vulnerability has already been exploited, although further details aren’t available.

Installing the update is simple: Launch Settings on your device, tap General, then Software Update. If your iPhone or iPad hasn’t already auto-installed the update, iOS or iPadOS 14.4.2 should be ready and waiting.

This security fix is available for iPhone 6s and later on the 14.4.2 patch, while 12.5.2 covers devices dating as back as iPhone 5S from 2013, which looks like solid support in our book.

Permalink to story.

 

Dimitriid

Posts: 366   +637
I remember a time when lots of people held this idea that Linux and macOS and iOS were just more "secure" than Windows. While that might be true from a design point, the mere fact that we're seeing way more vulnerabilities emerge with the popularity of iOS, even if not a 1 to 1 growth vs the user base, means that just being super popular and being a more attractive target means more security issues will be uncovered as time goes on.
 

Squid Surprise

Posts: 3,912   +2,981
Linux is probably the least secure of any OS... being open source, it is far easier to find vulnerabilities... but hey, haters got to hate...
 

Theinsanegamer

Posts: 2,385   +3,464
Linux is probably the least secure of any OS... being open source, it is far easier to find vulnerabilities... but hey, haters got to hate...
What is that logic? An OS where all the code is open source should be the MOST secure, since it's code can be audited by anyone. Of course patching it is another matter, but still that is some broken reasoning.
I remember a time when lots of people held this idea that Linux and macOS and iOS were just more "secure" than Windows. While that might be true from a design point, the mere fact that we're seeing way more vulnerabilities emerge with the popularity of iOS, even if not a 1 to 1 growth vs the user base, means that just being super popular and being a more attractive target means more security issues will be uncovered as time goes on.
People.held this idea because marketing. Few looked into osx or linux for years, and as a result there were severe holes in their systems that went unnoticed until they were exploited.

Each one has its advantages, of course. User installed garbage is much harder to pull off on linux, though not impossible, compared to windows.
 

Squid Surprise

Posts: 3,912   +2,981
What is that logic? An OS where all the code is open source should be the MOST secure, since it's code can be audited by anyone. Of course patching it is another matter, but still that is some broken reasoning.
Why would you think that?
It’s always easier to hack something that is open sourced... far easier to find vulnerabilities in something that way!
Yes, it’s easier to patch - assuming the exploits are known... many hackers don’t reveal their exploits....
 

Cubi Dorf

Posts: 315   +195
Both of recent security fix are for webkit. not operating system itself, but apple distribute webkit with ios. if you run webkit on linux you are still needing update.
 

duckofdeath

Posts: 279   +372
What is that logic? An OS where all the code is open source should be the MOST secure, since it's code can be audited by anyone. Of course patching it is another matter, but still that is some broken reasoning.
People.held this idea because marketing. Few looked into osx or linux for years, and as a result there were severe holes in their systems that went unnoticed until they were exploited.

Each one has its advantages, of course. User installed garbage is much harder to pull off on linux, though not impossible, compared to windows.
What is that logic? An OS where all the code is open source should be the MOST secure, since it's code can be audited by anyone. Of course patching it is another matter, but still that is some broken reasoning.
People.held this idea because marketing. Few looked into osx or linux for years, and as a result there were severe holes in their systems that went unnoticed until they were exploited.

Each one has its advantages, of course. User installed garbage is much harder to pull off on linux, though not impossible, compared to windows.
I think, the argument is, with open source it's easier to inject catastrophically malicious software right into the core of what's considered safe. The nearly decade long FBI backdoor in Mozilla/Tor is an example.
 

Squid Surprise

Posts: 3,912   +2,981
Need to read "The Cathedral and the Bazaar" by Eric Raymond. Fundamental essay on Open Sourcing.

see https://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar
Maybe you need to read Nikolai Bezroukov‘s responses :)

He wrote that book over 20 years ago - before a valid comparison between iOS and other locked OSes could be done.

While the debate still rages on, I’m still firmly on the open source is NOT more secure - and most big companies seem to agree with this view...
 

Cubi Dorf

Posts: 315   +195
Every three of web browser engine are open source. webkit, blink, gecko. trident and edgehtml are discontinue. if use open source is problem then whole web should be avoided.
 
D

DelJo63

While the debate still rages on, I’m still firmly on the open source is NOT more secure - and most big companies seem to agree with this view...
And that's because Open Source methods do NOT follow the waterfall techniques that myopic management uses to justify huge bureaucracies. Other topics on TS show users are fedup with M$ and the bloatware they produce.

Personally I'm on Mozilla Firefox right now and have been for years which is lean-n-mean compared to Edge & Chrome. I love the ability to clear cash & cookies every time a quit the browser -- where does that fit in the waterfall junk?
 

Squid Surprise

Posts: 3,912   +2,981
And that's because Open Source methods do NOT follow the waterfall techniques that myopic management uses to justify huge bureaucracies. Other topics on TS show users are fedup with M$ and the bloatware they produce.

Personally I'm on Mozilla Firefox right now and have been for years which is lean-n-mean compared to Edge & Chrome. I love the ability to clear cash & cookies every time a quit the browser -- where does that fit in the waterfall junk?
I'm not talking about features, convenience, ease of use, UI, or anything else.... just SECURITY...
And open source does NOT provide better security.
 

captaincranky

Posts: 16,497   +5,304
While the debate still rages on, I’m still firmly on the open source is NOT more secure - and most big companies seem to agree with this view...
Do you think that part of that stance is because they want to sell you the same software you can get for free with open source?

The general tactics seem to be, loudly preach security, while making lots of money quietly behind the scenes.

You don't seem to be able to differentiate between actual threats, and your own abundant paranoia.
 
D

DelJo63

While I greatly disdain speculation, I'm of the camp that yells,
"the results speak for themselves"
and no belief system can counter that stance IMO.
 

captaincranky

Posts: 16,497   +5,304
@jobeard Here's the thing, you have to ask yourself, am I a big enough fish to be worth hacking? Most of us aren't. I have my ego under control at least to the point where I can make that distinction, and place myself in the "not worth it", category.

The whole Windows 10 assault was based on the concept, that an entity can do whatever it wants, and count on the idea that people are forgetful, and if they're not, they;ll forgive you anyway. I neither forgive nor forget. And M$ plays on people's security fears relentlessy to accomplish their ends, I'm just really hard to get through to with that avenue of attack..

Most of these "vulnerabilities", discovered, seem to be amplified to hysteria within the clusterf**k that is a tech site such as this.

As an example, when the new AMD CPUs came out, all of a sudden Intel CPUs were Swiss cheese with respect to security flaws That went on for months, powered by the legion of AMD, Intel hating fan boys.

There are plenty of members here who know it all, are never wrong, and simply must have the last word.

I'm just not as tolerant of it as many, and not terribly subtle in my responses to it. . Which, if I am guessing correctly, is why you've categorized me as, "he can be difficult at times".

It's easy to be disheartened and antagonistic when you realize that at least 75 million Americans, can't recognize a sociopathic pathological liar when they see one.
 
Last edited:

Squid Surprise

Posts: 3,912   +2,981
While I greatly disdain speculation, I'm of the camp that yells,
"the results speak for themselves"
and no belief system can counter that stance IMO.
How many hacks are there on windows vs Linux.... and remember to adjust for the fact that windows has a much larger market share.... I’m thinking Windows wins the security “battle” hands down.
 
D

DelJo63

There are plenty of members here who know it all, are never wrong, and simply must have the last word.
I recall that "those that can DO, while the others Teach".
Guessing @Squidish never programmed a line of code in his life or ever run a Linux system let alone built one, but that's a totally unfair assumption so I'll apologize for assuming.
 
D

DelJo63

How many hacks are there on windows vs Linux.... and remember to adjust for the fact that windows has a much larger market share.... I’m thinking Windows wins the security “battle” hands down.
and that's why the Internet is run on Linux servers?
 

Squid Surprise

Posts: 3,912   +2,981
I recall that "those that can DO, while the others Teach".
Guessing @Squidish never programmed a line of code in his life or ever run a Linux system let alone built one, but that's a totally unfair assumption so I'll apologize for assuming.
Actually I’ve coded a fair amount... and I can say from experience that *nix has plenty of exploits... as does Windows - but there are more for *nix...
 

captaincranky

Posts: 16,497   +5,304
OK, I'll call a truce on the subject and wish you well.
Please refer to post #17 paragraph 5, while reciting the "serenity prayer".

If that doesn't help, any one of of the benzodiazipine family of anxiolyrics may provide relief...
 
Last edited: