MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,094
15,880


Apple today released unexpected iOS 14.7.1 and iPadOS 14.7.1 updates to the public, and according to a newly released support document, the software addresses a serious security vulnerability that may have been exploited in the wild.

General-iOS-14.7.1-Feature.jpg

Apple says that an application may have been able to execute arbitrary code with kernel privileges due to a memory corruption issue. "Apple is aware of a report that this issue may have been actively exploited," reads the document.

The vulnerability has been addressed with improved memory handling, and because this is a security issue that may have affected some users, all iPhone and iPad users should update to iOS 14.7.1 and iPadOS 14.7.1 as soon as possible. The same vulnerability has also been addressed in the macOS Big Sur 11.5.1 update.

The iOS 14.7.1 update also fixes a bug that could prevent Touch ID iPhones from unlocking an Apple Watch.

Article Link: iOS 14.7.1 and macOS Big Sur 11.5.1 Patch Security Vulnerability That May Have Been Actively Exploited
 
  • Like
Reactions: RandomDSdevel

Localcelebrity

macrumors regular
Feb 10, 2004
119
182
Chicago, IL
Why the secrecy on this one. Pegasus patched but they don’t want to admit it?
Probably because they can’t be sure they’ve patched all the ways in, only the ones they know about.

Also, Apple would definitely like to avoid increased media scrutiny by corroborating anything related to Pegasus, especially considering how few people were actually impacted, they don’t want to add to the hysteria.

Lastly, the less information they can give hackers as to how they patch things, the better.
 
Comment

coolfactor

macrumors 603
Jul 29, 2002
5,130
5,560
Vancouver, BC
I'm still getting my M1 Air set up as my primary machine to replace my 2013 Air. Sweet machine! Love the refined design of both the hardware and software.

Tried running one of my iOS apps last night. Very cool!
 
Comment

coolfactor

macrumors 603
Jul 29, 2002
5,130
5,560
Vancouver, BC
I spent last night watching some Windows-focused videos on YouTube, talking about how Windows continues to "beat Apple and Google". It's shocking to realize that there's a whole population out there that has no idea what it's like to be a true Mac user. But then there are moments like this that make us realize that Apple is still a baby in the computer security department, largely because of their proactive approach of designing secure-first, so actual serious vulnerabilities are few and far between.
 
Comment

nwcs

macrumors 68020
Sep 21, 2009
2,191
3,400
Tennessee
What I don’t get is why the actual update process takes so long. That is, the part after everything is backed up. For such a small update it took a very long time.
 
  • Like
Reactions: Premium1
Comment

Populus

macrumors 68020
Aug 24, 2012
2,045
2,345
Valencia, Spain.
Why the secrecy on this one. Pegasus patched but they don’t want to admit it?
Source that Pegasus was patched?? I ask because I haven’t read it anywhere, and the Pegasus vulnerability was on iMessage and I don’t read anything related iMessage.

I’m just asking because I’d be happy to know this was the Pegasus patch we were expecting
 
  • Like
  • Love
Reactions: dadiy and ikjadoon
Comment

LV426

macrumors 65816
Jan 22, 2013
1,226
955
What I don’t get is why the actual update process takes so long. That is, the part after everything is backed up. For such a small update it took a very long time.
According to our friendly Internet:
  • Firmware updates are only provided as part of a macOS update, and Apple deems it necessary for every macOS update to include a complete set of current firmware for Intel models. This contributes around 600 MB to every update, perhaps more now to cater for T2 and M1 models too.
  • The dyld cache, nine files occupying about 4 GB when compressed in /System/Library/dyld, which contains a dynamic linker cache of all the system-provided libraries. These fall within the SSV, and appear to have to be freshly provided in every macOS update.
  • Full support for both Intel and ARM-native code, with the exception of Rosetta 2, which only resides on the Data volume of Apple Silicon models and is managed separately.
Ergo, it might look like a small update, but it really isn't.
 
  • Like
Reactions: Big Ron
Comment

Luposian

macrumors regular
Apr 10, 2005
242
155
Welcome to the world of Apple's guinea pigs! Where WE are the testers/provers of their software! Fun, innit? :rolleyes:
 
  • Like
Reactions: Premium1
Comment

sw1tcher

macrumors 68020
Jan 6, 2004
2,390
4,680
Not to disagree with you about liking updates but Microsoft does update Windows 10 every month, sometimes more often. They aren't exactly slacking either.
And Microsoft offers a much longer support life for Windows than Apple does for macOS too.

Windows 7 came out in 2009. Extended support ended Jan. 14, 2020.

Windows 10 came out in 2015 and support is scheduled to end in 2025.
 
Comment

LV426

macrumors 65816
Jan 22, 2013
1,226
955
Why the secrecy on this one. Pegasus patched but they don’t want to admit it?
Apple never disclose the details of security fixes until they have been released to the public. Quite rightly so, because knowledge of the fix can be an open invitation to bad guys to exploit unpatched machines. No great mystery about that.

There is no single known vulnerability that Pegasus exploits. Apple software is good, but it's not bullet-proof. Pegasus apparently exploits vulnerabilities that Apple doesn't know about (so called zero-day bugs). Recent Apple security updates in the past week have addressed a swathe of security problems. There will be more. iOS and macOS are extremely complex and there are armies of hackers trying to find ways in.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.