Following the release of iPadOS 14.7 this morning, Apple has shared details on the security updates that are included in iOS 14.7, iPadOS 14.7, macOS Big Sur 11.5, watchOS 7.6, and tvOS 14.7, all of which came out this week.
Notably, Apple's documentation confirms that the iOS 14.7 and iPadOS 14.7 updates address a WiFi-related vulnerability that could impact iOS devices when joining a malicious WiFi Network.
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution
Description: This issue was addressed with improved checks.
Back in June, a wireless networking naming bug was discovered, which could disable an iPhone or iPad's WiFi functionality. Joining a network named "%p%s%s%s%s%n" could, in some cases, permanently disable WiFi on a device, and in many other cases, it required resetting an iPhone entirely.
During the beta testing process, it was discovered that the bug was no longer functional, and Apple's notes make it clear that the issue has been addressed.
The iOS and iPadOS 14.7 updates also address a number of other security vulnerabilities related to audio files, Find My, PDFs, web images, and more, so all iPhone and iPad users should update to the new iOS 14.7 updates as soon as possible.
There are also security fixes in macOS Big Sur 11.5, tvOS 14.7, and watchOS 7.6. For Mac users who run older versions of macOS, Apple has released security updates for macOS Catalina and macOS Mojave.
Top Rated Comments
You will notice that the large list of security fixes in this release include numerous references to font and image parsing vulnerabilities. Exactly the kinds of things that an attacker can send in an iMessage.
Apple are trying hard to fill in the cracks of iMessage. But it's worrying that iMessage is probably stuffed full of zero-day vulnerabilities. Professor Matthew Green of John Hopkins University goes so far as to say ('https://blog.cryptographyengineering.com/2021/07/20/a-case-against-security-nihilism/') that iMessage probably needs to be completely rewritten from scratch using safe coding practises.