One week after Apple carried out its largest iOS and iPad update since September 2020’s version 14.0 release, the company has followed up with a new patch for two zero-day vulnerabilities that let hackers execute malicious code on fully updated devices. Additionally, the new release of 14.5.1 also mitigates issues with a bug in the recent App Tracking Transparency feature included in the previous version.
Both of these vulnerabilities are located in the browser engine Webkit, which provides web content for App Store, Mail and Safari as well as other various apps running on iOS, Linux and macOS. Apple described this attack as the processing of maliciously crafted web content resulting in arbitrary code execution. As of now, these two zero-days have been patched.