iOS 14.7 fixes security holes, but Pegasus doesn’t
Apple today releases the notes regarding the security fixes of iOS 14.7 on iPhone and iPadOS 14.7 on iPad. There are a lot of them at different levels. In other words, installing the update is important for security.
Here are the different things iOS 14.7 and iPadOS 14.7 fix for security:
- ActionKit
- Audio
- AVEVideoEncoder
- CoreAudio
- CoreGraphics
- CoreText
- Crash Reporter
- CVMS
- dyld
- Locate
- FontParser
- Identity service
- Image processing
- ImageIO
- Libxml2 kernel
- Measures
- Model I / O
- TCC
- WebKit
- Wireless
Some flaws are more dangerous than others. A few, for example, allow a hacker to execute arbitrary code on the device. Others manage to bypass certain privacy settings. Another provided access to data from the Locate service.
Apple takes the opportunity to confirm that the Wi-Fi bug is now a thing of the past with iOS 14.7. As a reminder, some network names could completely disable iPhone Wi-Fi. “This problem was solved by improving the controls”, simply indicates Apple.
Another important point is the Pegasus project which has been making a lot of talk for the past few days. This spy software, which could be injected thanks to a flaw in iMessage that did not require the user to click on a link, has made it possible to spy on several politicians, journalists and human rights activists. Apple does not mention it in its notes. iOS 14.7 therefore does not change anything at this level.