Latest Apple iOS update fixes security flaw that's already been exploited

Joe White

Joe White

Posts: 69   +0
What just happened? If you’re anything like me, you might occasionally put off downloading iOS and iPadOS updates for a day or a week—especially small ones. But Apple’s most recent update for iPhone and iPad is one you should prioritize. It fixes a security flaw that is being actively exploited by malicious individuals out in the wild.

Another day, another security exploit. Apple explains in a security document that the minor update—iOS 14.4.2 and iPadOS 14.4.2—blocks “maliciously crafted web content [that] may lead to universal cross site scripting.” This means a malicious website could gain access to information on other pages you have open on your device. Older devices can download iOS 12.5.2, which includes a similar patch.

Apple goes on to add that this vulnerability has already been exploited, although further details aren’t available.

Installing the update is simple: Launch Settings on your device, tap General, then Software Update. If your iPhone or iPad hasn’t already auto-installed the update, iOS or iPadOS 14.4.2 should be ready and waiting.

This security fix is available for iPhone 6s and later on the 14.4.2 patch, while 12.5.2 covers devices dating as back as iPhone 5S from 2013, which looks like solid support in our book.

Permalink to story.

https://www.techspot.com/news/89075-latest-apple-ios-update-fixes-security-flaw-already.html

 
I remember a time when lots of people held this idea that Linux and macOS and iOS were just more "secure" than Windows. While that might be true from a design point, the mere fact that we're seeing way more vulnerabilities emerge with the popularity of iOS, even if not a 1 to 1 growth vs the user base, means that just being super popular and being a more attractive target means more security issues will be uncovered as time goes on.
 
  • Like
Reactions: JKnight
Linux is probably the least secure of any OS... being open source, it is far easier to find vulnerabilities... but hey, haters got to hate...
 
Squid Surprise said:
Linux is probably the least secure of any OS... being open source, it is far easier to find vulnerabilities... but hey, haters got to hate...
Click to expand...
What is that logic? An OS where all the code is open source should be the MOST secure, since it's code can be audited by anyone. Of course patching it is another matter, but still that is some broken reasoning.
Dimitriid said:
I remember a time when lots of people held this idea that Linux and macOS and iOS were just more "secure" than Windows. While that might be true from a design point, the mere fact that we're seeing way more vulnerabilities emerge with the popularity of iOS, even if not a 1 to 1 growth vs the user base, means that just being super popular and being a more attractive target means more security issues will be uncovered as time goes on.
Click to expand...
People.held this idea because marketing. Few looked into osx or linux for years, and as a result there were severe holes in their systems that went unnoticed until they were exploited.

Each one has its advantages, of course. User installed garbage is much harder to pull off on linux, though not impossible, compared to windows.
 
  • Like
Reactions: Dimitriid
Theinsanegamer said:
What is that logic? An OS where all the code is open source should be the MOST secure, since it's code can be audited by anyone. Of course patching it is another matter, but still that is some broken reasoning.
Click to expand...
Why would you think that?
It’s always easier to hack something that is open sourced... far easier to find vulnerabilities in something that way!
Yes, it’s easier to patch - assuming the exploits are known... many hackers don’t reveal their exploits....
 
Both of recent security fix are for webkit. not operating system itself, but apple distribute webkit with ios. if you run webkit on linux you are still needing update.
 
Theinsanegamer said:
What is that logic? An OS where all the code is open source should be the MOST secure, since it's code can be audited by anyone. Of course patching it is another matter, but still that is some broken reasoning.
People.held this idea because marketing. Few looked into osx or linux for years, and as a result there were severe holes in their systems that went unnoticed until they were exploited.

Each one has its advantages, of course. User installed garbage is much harder to pull off on linux, though not impossible, compared to windows.
Click to expand...
Theinsanegamer said:
What is that logic? An OS where all the code is open source should be the MOST secure, since it's code can be audited by anyone. Of course patching it is another matter, but still that is some broken reasoning.
People.held this idea because marketing. Few looked into osx or linux for years, and as a result there were severe holes in their systems that went unnoticed until they were exploited.

Each one has its advantages, of course. User installed garbage is much harder to pull off on linux, though not impossible, compared to windows.
Click to expand...
I think, the argument is, with open source it's easier to inject catastrophically malicious software right into the core of what's considered safe. The nearly decade long FBI backdoor in Mozilla/Tor is an example.
 
jobeard said:
Need to read "The Cathedral and the Bazaar" by Eric Raymond. Fundamental essay on Open Sourcing.

see https://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar
Click to expand...
Maybe you need to read Nikolai Bezroukov‘s responses :)

He wrote that book over 20 years ago - before a valid comparison between iOS and other locked OSes could be done.

While the debate still rages on, I’m still firmly on the open source is NOT more secure - and most big companies seem to agree with this view...
 
Every three of web browser engine are open source. webkit, blink, gecko. trident and edgehtml are discontinue. if use open source is problem then whole web should be avoided.
 
Squid Surprise said:
While the debate still rages on, I’m still firmly on the open source is NOT more secure - and most big companies seem to agree with this view...
Click to expand...
And that's because Open Source methods do NOT follow the waterfall techniques that myopic management uses to justify huge bureaucracies. Other topics on TS show users are fedup with M$ and the bloatware they produce.

Personally I'm on Mozilla Firefox right now and have been for years which is lean-n-mean compared to Edge & Chrome. I love the ability to clear cash & cookies every time a quit the browser -- where does that fit in the waterfall junk?
 
jobeard said:
And that's because Open Source methods do NOT follow the waterfall techniques that myopic management uses to justify huge bureaucracies. Other topics on TS show users are fedup with M$ and the bloatware they produce.

Personally I'm on Mozilla Firefox right now and have been for years which is lean-n-mean compared to Edge & Chrome. I love the ability to clear cash & cookies every time a quit the browser -- where does that fit in the waterfall junk?
Click to expand...
I'm not talking about features, convenience, ease of use, UI, or anything else.... just SECURITY...
And open source does NOT provide better security.
 
Squid Surprise said:
While the debate still rages on, I’m still firmly on the open source is NOT more secure - and most big companies seem to agree with this view...
Click to expand...
Do you think that part of that stance is because they want to sell you the same software you can get for free with open source?

The general tactics seem to be, loudly preach security, while making lots of money quietly behind the scenes.

You don't seem to be able to differentiate between actual threats, and your own abundant paranoia.
 
While I greatly disdain speculation, I'm of the camp that yells,
"the results speak for themselves"
and no belief system can counter that stance IMO.
 
@jobeard Here's the thing, you have to ask yourself, am I a big enough fish to be worth hacking? Most of us aren't. I have my ego under control at least to the point where I can make that distinction, and place myself in the "not worth it", category.

The whole Windows 10 assault was based on the concept, that an entity can do whatever it wants, and count on the idea that people are forgetful, and if they're not, they;ll forgive you anyway. I neither forgive nor forget. And M$ plays on people's security fears relentlessy to accomplish their ends, I'm just really hard to get through to with that avenue of attack..

Most of these "vulnerabilities", discovered, seem to be amplified to hysteria within the clusterf**k that is a tech site such as this.

As an example, when the new AMD CPUs came out, all of a sudden Intel CPUs were Swiss cheese with respect to security flaws That went on for months, powered by the legion of AMD, Intel hating fan boys.

There are plenty of members here who know it all, are never wrong, and simply must have the last word.

I'm just not as tolerant of it as many, and not terribly subtle in my responses to it. . Which, if I am guessing correctly, is why you've categorized me as, "he can be difficult at times".

It's easy to be disheartened and antagonistic when you realize that at least 75 million Americans, can't recognize a sociopathic pathological liar when they see one.
 
Last edited:
  • Like
Reactions: DelJo63
jobeard said:
While I greatly disdain speculation, I'm of the camp that yells,
"the results speak for themselves"
and no belief system can counter that stance IMO.
Click to expand...
How many hacks are there on windows vs Linux.... and remember to adjust for the fact that windows has a much larger market share.... I’m thinking Windows wins the security “battle” hands down.
 
captaincranky said:
There are plenty of members here who know it all, are never wrong, and simply must have the last word.
Click to expand...
I recall that "those that can DO, while the others Teach".
Guessing @Squidish never programmed a line of code in his life or ever run a Linux system let alone built one, but that's a totally unfair assumption so I'll apologize for assuming.
 
Squid Surprise said:
How many hacks are there on windows vs Linux.... and remember to adjust for the fact that windows has a much larger market share.... I’m thinking Windows wins the security “battle” hands down.
Click to expand...
and that's why the Internet is run on Linux servers?
 
jobeard said:
I recall that "those that can DO, while the others Teach".
Guessing @Squidish never programmed a line of code in his life or ever run a Linux system let alone built one, but that's a totally unfair assumption so I'll apologize for assuming.
Click to expand...
Actually I’ve coded a fair amount... and I can say from experience that *nix has plenty of exploits... as does Windows - but there are more for *nix...
 
jobeard said:
OK, I'll call a truce on the subject and wish you well.
Click to expand...
Please refer to post #17 paragraph 5, while reciting the "serenity prayer".

If that doesn't help, any one of of the benzodiazipine family of anxiolyrics may provide relief...
 
Last edited:
  • Like
Reactions: DelJo63
You must log in or register to reply here.

Similar threads

Daniel Sims
AirPods Pro may finally receive a "hearing aid mode" with iOS 18
Replies
0
Views
109
Daniel Sims
Daniel Sims
Shawn Knight
Apple prepares in-box iPhone software update system for unboxing convenience
Replies
4
Views
180
takaozo
takaozo
D
Google fixes critical Android flaw that could be exploited to hack your phone remotely
Replies
6
Views
288
envirovore
envirovore

Latest posts

Back