Researchers discovered one significant flaw that could be exploited from the browser, allowing watering-hole assaults.
On October 25 and 26, Apple released iOS 14.8.1, iPadOS 14.8.1, watchOS 8.1, and tvOS 15.1, fixing 24 CVEs overall. The CVEs are detailed on Apple's security website, and they include various problems in iOS components that, if abused, may result in arbitrary code execution, sometimes with kernel privileges that would allow an intruder to reach the core of the operating system.
In one incident of a memory-corruption issue in IOMobileFrameBuffer for Apple TV, Apple stated that it is "aware of a report that this problem may have been actively exploited ", a "maybe" that researchers substantiated.
This one is especially concerning because researchers have previously discovered that the issue is exploitable via the browser, making it "ideal for one-click & waterholing mobile attacks," as per the mobile security firm ZecOps earlier this month.
A watering-hole attack occurs when a threat actor places malware on websites that may attract a target in the hopes that someone may ultimately drop in and become infected. Justifiably, Apple keeps information confidential that may aid further attackers to create damage and attack. This flaw might allow an application to run arbitrary code with kernel privileges.
Apple stated earlier this year that it would give users a choice: they could either update to iOS 15 as soon as it was available, or they could stay on iOS 14 and get essential security updates until they were ready to upgrade.
In context with the reason behind the prompt decision, there have been speculations that it had something to do with an "urban mythology" about Apple deliberately slowing down older phones to entice consumers to upgrade.
Maybe it's simply a popular conspiracy idea, but it's based on legal comeuppance, at least in terms of battery life: In 2017, Apple admitted to slowing down phones in order to prevent outdated batteries from abruptly shutting down devices. In November of last year, the corporation was fined $113 million to resolve an investigation into what was known as iPhone “batterygate.”
