Apple released updates on Monday for its devices that patch flaws involving malicious web content. According to 9to5Mac, the web flaws could have led to the exploitation of “arbitrary code execution.” The first spotted flaw could have led to memory corruption, but Apple reportedly fixed it with “improved state management,” according to support documents from the company. A second flaw also was detected with the same malicious web content, which Apple resolved with “improved input validation.” However, Apple said that this vulnerability was actively being exploited in the wild when it was spotted. Lifewire has reached out to Apple for comment on the flaws and to find out how many users potentially were exploited. We will update this story if and when we hear back. The new updates that protect against these flaws are included in iOS14.5.1, iOS 12.5.3, macOS 11.3.1, and watchOS 7.4.1. Aside from security patches, 9to5Mac said the new iOS update also fixes an issue where Apple’s App Tracking Transparency feature was grayed out for some users. This is the first update and first spotted security flaw since Apple released its much-anticipated iOS 14.5 version last week. iOS 14.5 included new Siri voices, the option to choose a third-party music player app as your default music player, the ability to unlock your phone while wearing a face mask, and more. Apple prioritized user security and privacy in the iOS 14.5 update, with new security features like the ability to turn off app-tracking with the App Tracking Transparency feature. The feature—which experts are calling “the most significant improvement in digital privacy in the history of the internet”—automatically pops up when you download a new app to your iPhone, and asks you if you’d like to turn off tracking for the app or allow it.
