Apple’s iOS 14 includes a bunch of cool new iPhone features, but the major operating system update also addresses a list of 11 security vulnerabilities.
Apple’s iOS 14 includes a bunch of cool new iPhone features, but the major operating system update … [+] also addresses a list of 11 security vulnerabilities.
Unless you’ve been hiding under a rock you’ll know that iOS 14, Apple’s long-awaited iPhone update, is now here with a host of cool new features. But iOS 14 also contains security updates that fix 11 vulnerabilities—another incentive to install it on your iPhone if you haven’t yet.
The 11 security bugs addressed in iOS 14 span Apple Keyboard, Assets, WebKit, Siri, Apple AVD and Sandbox, some of which are pretty serious.
An issue fixed in Model I/O could lead to arbitrary code execution when processing a maliciously crafted USD file. Meanwhile, the sandbox vulnerability may allow a malicious application to access restricted files.
The Siri bug is a lock screen issue that could allow access to messages on a locked device, while a vulnerability fixed in WebKit meant that processing maliciously crafted web content might lead to a cross site scripting attack.
There are quite a few security bugs in this list, so, should you be concerned? Although some of the issues fixed in iOS 14 are serious, they are challenging to exploit—in other words the adversary would find it difficult in reality to carry out their attack because certain conditions would need to be met.
“While these security issues are a cause for concern—any vulnerability that allows for remote code execution is risky—the complexity of executing the appropriate exploits is difficult because it requires either physical access or socially engineering the user to open a specially crafted file,” says Sean Wright, application security lead at Immersive Labs.
“While not impossible, it does raise the barrier to exploit, especially if physical access is required—which ironically would be even harder now with the pandemic,” Wright points out.
Therefore, as Wright outlines, these issues should not represent an issue if you are following best security practices: Only installing apps via the official App Store, and not opening attachments from unknown senders or authors.
If you are doing these things already, Wright thinks it should be ok to wait if you prefer not to upgrade to iOS 14 while any bugs are ironed out. But if you aren’t technically savvy, it’s a good idea to upgrade to iOS 14 now.
That said, I’ve been trying out iOS 14 over the last few days, and I’m not having any major problems. As well as protecting yourself from security bugs, iOS 14 includes a bunch of new security and privacy features that you can use to lockdown your iPhone.
I’m a freelance cybersecurity journalist with over a decade’s experience writing news, reviews and features. I report and analyze breaking cybersecurity and privacy
I’m a freelance cybersecurity journalist with over a decade’s experience writing news, reviews and features. I report and analyze breaking cybersecurity and privacy stories with a particular interest in cyber warfare, application security and data misuse by the big tech companies. In addition to Forbes, you can find my work in Wired, The Times, The Economist and The Guardian. Contact me at [email protected]
iOS 14 update,widgets
World news – US – iOS 14: Apple Just Gave iPhone Users 11 Security Reasons To Update Now