Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
thnThe Hacker NewsTHN:5A5F501198E63180498F1357DAEE0371
HistoryMar 17, 2021 - 8:01 a.m.

Apple May Start Delivering Security Patches Separately From Other OS Updates

2021-03-1708:01:00
The Hacker News
thehackernews.com
83
JSON

Apple may be changing the way it delivers security patches to its devices running iOS and iPadOS mobile operating systems.

According to code spotted in iOS 14.5, the iPhone maker is reportedly working on a method for delivering security fixes independently of other OS updates.

The changes were first reported by the 9to5Mac website.

While Google’s Android has had monthly security patches rolled out that are completely divorced from the OS-related updates, iOS has traditionally bundled security updates along with an upgrade to the latest version of the OS.

For instance, Apple rolled out iOS 14.4.1 earlier this month just to address one security vulnerability in WebKit that could have allowed adversaries to run arbitrary code on devices via malicious web content.

But with this new setting called “Install Security Updates” added to the software update menu, it’s expected that Apple will let users choose between either installing the entire iOS update or just the security updates, in a manner that echoes macOS.

On Macs running older versions of the operating system such as macOS Mojave, Apple has offered standalone update packs, allowing users to get security patches and bug fixes while holding off before installing the latest macOS version available.

Given that iOS 14.5 is still in beta, it’s still unclear how this feature will be implemented, but based on code references, it appears that users who have previously downloaded the security update may be prompted to delete it before installing another iOS update.

By separating security updates from feature-centric updates, the development could also pave the way for issuing out-of-band emergency fixes for devices not running the latest versions of iOS and iPadOS.

iOS 14.5 is already shaping up to be quite a big privacy and security-focused update, what with the company planning to redirect all fraudulent website checks through its own proxy servers as a workaround to preserve user privacy and prevent leaking IP addresses to Google.

In addition, iOS 14.5 will also require apps to ask for users’ permission before tracking them across other apps and websites using the device’s advertising identifier as part of a new framework dubbed App Tracking Transparency.

iOS 14.5 is currently in beta and is expected to be released later this spring.

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

JSON