Apple’s iOS 14 includes a bunch of cool new iPhone features, but the major operating system update also addresses a list of 11 security vulnerabilities

Unless you’ve been hiding under a rock you’ll know that iOS 14, Apple’s long-awaited iPhone update, is now here with a host of cool new features. But iOS 14 also contains security updates that fix 11 vulnerabilities—another incentive to install it on your iPhone if you haven’t yet. 

The 11 security bugs addressed in iOS 14 span Apple Keyboard, Assets, WebKit, Siri, Apple AVD and Sandbox, some of which are pretty serious.

Security issues fixed in iOS 14 

An issue fixed in Model I/O could lead to arbitrary code execution when processing a maliciously crafted USD file. Meanwhile, the sandbox vulnerability may allow a malicious application to access restricted files.

The Siri bug is a lock screen issue that could allow access to messages on a locked device, while a vulnerability fixed in WebKit meant that processing maliciously crafted web content might lead to a cross site scripting attack.

How important is it to update to iOS 14?

There are quite a few security bugs in this list, so, should you be concerned? Although some of the issues fixed in iOS 14 are serious, they are challenging to exploit—in other words the adversary would find it difficult in reality to carry out their attack because certain conditions would need to be met. 

“While these security issues are a cause for concern—any vulnerability that allows for remote code execution is risky—the complexity of executing the appropriate exploits is difficult because it requires either physical access or socially engineering the user to open a specially crafted file,” says Sean Wright, application security lead at Immersive Labs. 

“While not impossible, it does raise the barrier to exploit, especially if physical access is required—which ironically would be even harder now with the pandemic,” Wright points out.

Therefore, as Wright outlines, these issues should not represent an issue if you are following best security practices: Only installing apps via the official App Store, and not opening attachments from unknown senders or authors.

If you are doing these things already, Wright thinks it should be ok to wait if you prefer not to upgrade to iOS 14 while any bugs are ironed out. But if you aren’t technically savvy, it’s a good idea to upgrade to iOS 14 now. 

That said, I’ve been trying out iOS 14 over the last few days, and I’m not having any major problems. As well as protecting yourself from security bugs, iOS 14 includes a bunch of new security and privacy features that you can use to lockdown your iPhone.

Source link

You must be logged in to post a comment.