You will never end the game of cat and mouse that revolves between OS makers and hackers, and the good thing is that Apple is waiting for such people when it comes to making sure that security holes are closed as quickly as possible, a feature that many other smartphones do not have, and this What we always recommend when releasing a new update for Apple devices, especially when many people prefer to wait for others to take the initiative and then wait to see how things are going with them, and waiting may not be pleasant in some cases, so it is better to do the update so that we are safe from the risks The vulnerabilities and any problem that will arise make sure that Apple will resolve them as quickly as possible.
Hackers often find difficult and mysterious loopholes in Apple's infinitely narrow iOS security model that can be compromised for malicious purposes. When this happens, the best and only solution is for Apple to close those loopholes by updating the system, which means that if you want to be protected, you should always update to the latest version.
This is the case with updates iOS And the new WatchOS that was released late last Friday, which contains an important fix for a security vulnerability that may have been exploited heavily, as Apple says.
In other words, this is not just a theoretical fix. Hackers are already using a loophole in iOS 14.4 (and likely earlier) to hack users' iPhones. Of course, Apple is pretty cautious about how common this bug has already been fixed in iOS 14.4.2, iPadOS 14.4.2, and WatchOS 7.3.3. And unlike the release of iOS 14.4 that was released in January which also fixed three other known vulnerabilities, these latest updates focus exclusively on something dangerous that Apple discovered. Proof of this, Apple has released a rare patch for older iOS versions, the iOS 12.5.2 update.
This is intended to protect anyone who uses an old device that cannot be upgraded beyond this version, such as an iPhone 5s, iPhone 6, iPad Air, iPad mini 2, iPad mini 3, or the sixth generation iPod touch.
Apple has not released a similar patch to iOS 13, as all iPhone models capable of running iOS 13 can be upgraded to iOS 14, and thus can use the iOS 14.4.2 patch.
It is worth noting that only the Apple Watch 3 and later versions are compatible with watchOS 7. Apple has not made the watchOS 6 update available to users of the original Apple Watch or Apple Watch 1 or 2, so it is possible that the vulnerability is not present in watchOS 6.
In a series of support documents, Apple provides a brief explanation of the problem, and indicates that the vulnerability could be in the Safari browser and its main WebKit framework.
Apple also adds that the fix was based on the CVE-2021-1879 report, which was provided by Clement Lecigne and Billy Leonard of Google's Threat Analysis Group. This is a distinct group within Google for the "Project Zero" team, which is credited with discovering many vulnerabilities in the iOS operating system over the past few years.
It is worth noting that the Google Threat Analysis Group is a separate hacking team within Google that tracks government attacks. This indicates that the vulnerability found in this case may have been used by some governments, or a cyber espionage organization sponsored by these governments.
This is actually the third update to iOS 14 released this year that included fixes for potentially dangerous vulnerabilities, with iOS 14.4 patching at least three known vulnerabilities, and iOS 14.4.1 patching a WebKit flaw.