iOS 14.8.1 and iPadOS 14.8.1 Address Security Vulnerabilities

Originally published at: iOS 14.8.1 and iPadOS 14.8.1 Address Security Vulnerabilities - TidBITS

Apple has released important security updates for iOS 14 and iPadOS 14 for a slew of severe security exploits.

2 iPhone 8s & 2 iPads have updated without problems for me.

TidBITS reader Neil Miller reported a problem with the download, and although the error wasn’t helpful, he noted that he had 29 GB used of 32 GB, and thought that should be enough for a 150 MB update. I suggested clearing some more space since iOS might need more to move things around, and indeed, after he deleted a 2.3 GB app, iOS had no trouble updating. The moral of the story is, make sure you have enough room to update, which could be somewhere between 3 and 5 GB.

Unknown361×640 39.8 KB

I completely misread and your post at first made zero sense to me. The way I read it initially was that he had 29 GB free of 32 GB. But I guess what you intended to convey was that he had used up 29 GB of a 32 GB total. And yeah, I’d also consider that too tight regardless of the size of the (compressed) update package.

Guess you’re not the only one reading too fast these days.

For those who don’t know, the “offload” feature will let you remove an app, but preserve its data. You can reinstall it (via the app store) later on.

When I was using my old phone, where there was rarely enough room to install an update, I would use this feature to make room. Offload a few of the biggest apps, install the update, then reload the apps.

To offload a single app:

• Settings → General → iPhone Storage
• Wait for the list of apps to be populated. This may take some time. Although my iPod Touch populated its list pretty quickly, it took a minute or two on my new iPhone 13. I assume this is a bug Apple needs to fix.
• Select an app to offload (they’re sorted by total storage consumed, app and data)
• Tap Offload App

On the phone’s launcher screen, you will see a cloud icon next to the app’s name, indicating that it is offloaded.

When you want to reinstall the app, do one of the following:

• Via the launcher
  • Tap on the offloaded app’s icon (with the cloud icon next to it’s name)
  • Wait for it to reinstall
  • If you want to launch it, tap again
• Via Settings
  • Go to the app’s Storage page (where you went to offload it)
  • Tap Reinstall App

Two potential warnings

• If the app was removed from the App Store, you might not be able to reinstall it.
• If the app has been updated and you haven’t yet updated it, I think the reinstall process will install the latest version, not the one you previously had.

Which basically means, you want to be a bit careful about what you offload. When I had to do this in the past (on my iPhone 6), I would pick a few large games that I’m actively playing, since I know that they’re still valid in the App Store and if they get updated while they’re offloaded, I will want the updates anyway.

I recommend against using Apple’s automatic offload feature (which automatically offloads infrequently used apps in order to make space as the OS feels is necessary), because you don’t have control over which apps get offloaded or when it will happen. I’m too paranoid to trust that its decisions will never end badly.

I would also suggest looking at apps whose data has gotten huge for no good reason.

For example, I have a game that normally consumes about 150-200MB of data, but on occasion that data has bloated up to 2GB. I assume this is leaked cache data for in-game ads (most of which are videos).

For apps like this, delete and reinstall the app. This blows away its data. For my games, all of the important data re-syncs from the game’s cloud server after I log in.

Of course, if it’s an app where the data is important (e.g. office documents), then make sure you’ve got a backup before you do this!

And now I’m typing too fast too! My original wording was terrible, and I’ve edited to be more clear.

Is anyone else here sick to death of almost constantly having to do software updates? I know they’re necessary, believe me, but they seem to be getting as frequent as those who use Windows…

Well, it’s become much more of a real problem because a) updates are large and b) they take forever to install.

If it were a few megs download and took a few seconds to install and reboot, this would be one thing. And on a phone you could perhaps argue it can update over night. But on the Mac side that’s not always a clear option, yet there—taking a queue from iOS—updates have become even larger and take even longer, much longer actually. It’s mildly ridiculous that despite such vast improvements in performance, somehow this industry thinks multi-GB downloads and 30-min downtime every couple of weeks on premium devices is an acceptable path forward. I’m sure the fix isn’t simple, but I also thought that’s what we were paying top $ for.

I agree completely, but this seems to be an issue with all mainstream operating systems these days. Microsoft Windows also puts out regular updates that may leave your system unusuable for 30-60 minutes while they install.

The Linux world seems to have solved the problem. Linux distributions have well-defined package managers, which can be used to install/update/remove all software, including third-party software not distributed by your Linux distribution. Although there are a few mutually-incompatible package managers (e.g. RPM/yum/dnf, dpkg/apt), they all do a great job of tracking installed software and inter-package dependencies.

Everything on a Linux system is distributed as packages, including the OS kernel and its supporting system libraries/applications.

Updates happen all the time but installing updates is almost always painless. They can be done in the background and rarely require restarting anything.

The big exception is upgrades to the kernel package(s). These can take some time and a reboot is required, but it is only minimally disruptive. This is because the running kernel package is never upgraded in-place. Instead, the new package is installed to a new directory and the boot-loader is updated to point to it. The installation can run in the background, and it will start running after your next reboot - which can be done whenever you want and takes no more time than a normal reboot.

Why Apple and Microsoft don’t work this way is a question I’d love to have answered. I can’t believe the macOS and Windows system architectures are so monolithic that they can’t support a similar mechanism.

They would need to develop a system-wide package management system that is open for third-party developers to use (unlike their current system that’s limited to content from their respective app stores), but that a technical challenge that has been solved many times over the years. The only thing preventing it is a (seeming) lack of interest.

For me, it’s the increasing frequency of the updates that is annoying, especially all the security updates of late. Doesn’t matter if they are large or small.

I cannot update anything overnight as updating requires Wi-Fi, which I do not have at home (long story). And, it’s my experience that updates need monitoring to make sure they have not timed out, etc. So it’s not like you can even continue working while it’s happening…

My iPad gen 5 currently has ios 14.4.2. The option to update to 14.8.1 is not available. I can only update to 15.1.
The ‘Also Available’ does not display on my ipad.
I don’t want to update to 15.1 yet.

How can I get 14.8.1?
There are no IPSW downloads available.

Things aren’t perfect in the Linux world, either. Linus Sebastian of Linus Tech Tips recently broke a Pop_OS! install by trying to install Steam because it was set up to remove a bunch of essential packages for some reason. Pacman on Arch and Manjaro is notorious for breaking installs, especially if you miss a few updates and don’t follow the Arch blog.

And a lot of distros, like Ubuntu, pack in multiple incompatible package managers together, so you get some things installed as .deb and some things installed as Snaps. Oh, and then some things are only available as Flatpaks, so you have to install that on top of the other two.

Use of Linux (and expectations) are quite different. Windows is run 95% of the time on dirt cheap garbage by drones who have no say in their computing environment. So safe to say, we can for the moment disregard both. And BTW, this thread was about iOS. So…

Let’s remind ourselves that Apple’s devices strive to be better than the competition and we usually pay substantially more for them than the average Android (or PC) because of exactly that. IMHO there is just no excuse for not attacking this problem head on. The status quo is not sustainable by any means. That said, the fact that we do not see changes right now does not indicate Apple is ignoring the issue. They might be, but I sure hope not (and I certainly expect they aren’t). My hope is that Apple is already hard at work and will be tackling this issue soon. What we have isn’t working already now, and without change it will certainly only get worse as more exploits are discovered and we continue down this forced annual update schedule road.

I never said Linux got everything right. Quite the contrary - as you yourself pointed out. But they have solved the problem that Apple and Microsoft both have, of forcing you to take your system off-line for minutes-to-hours whenever an OS update is released.

Regarding Linus’s bad experience…

Linux’s biggest benefit (many distributions from many different projects) is also its biggest problem. Some of those distributions are just brain-dead, and as Linus figured out, web searching is practically useless to help you pick one.

His experience with Pop! is inexcusable. The fact that installing an allegedly popular package (Steam) from Pop!'s own package manager broke the entire OS installation is proof to me that the Pop! maintainers really have no idea what they’re doing. How they manage to have a good reputation is beyond me.

I’ve been using Linux for quite a long time and I have never used any of the allegedly popular distributions. I stick with the well-established ones that are known for their stability, even if they don’t bundle the latest and greatest features. This means RedHat/CentOS, Debian and Ubuntu LTS. These distributions are very selective about the packages they include and updates are thoroughly tested by others before they are released to ordinary users.

But to be fair, I don’t game on any of my computers. If I did, then I might be insisting on getting the bleeding edge of everything in order to get the best support for advanced gaming hardware.

My Linux systems are primarily used for server-like functions (web server, file server, DNS, etc.) And I use them for work, developing embedded software for various microcontroller-based products. They are typically configured to not have a desktop at all (just a basic text console), because they are typically accessed remotely from my Windows and Mac computers (using SSH, VNC and other related access utilities).

I also do a lot of Linux work in VMs (hosted by my Windows and Mac machines), because it’s quick and easy to create per-project virtual environments, so I don’t need to worry about one project’s requirements interfering with another.

Not every package I need is available from the Ubuntu repositories and some don’t have an Ubuntu-compatible binary distribution I can install. For those, I choose to download sources and compile my own copy. I learned, very early on, that trying to use multiple package managers (e.g. RPM and DEB) at once is nothing more than an exercise in pain - it’s actually easier (most of the time) to just build your own instead of trying to shoehorn in a package meant for someone else’s distribution and figure out how to make it work.

Snaps and flatpacks are not actually separate package managers. They don’t (at least they’re not supposed to) modify any part of your OS’s package-based environment. Instead, they (are supposed to) install separate isolated sandboxed per-app environments, so each app’s dependencies can be kept isolated from the rest of the system.

I’ve done some experimenting with containers and I don’t think there’s any technical reason why snaps and flatpacks can’t deliver on their promises. But since I haven’t personally worked with them, I won’t say whether or not they actually do.

But I absolutely do not represent the typical user. I’ve been working with Unix-like systems since the late 80’s, when it was Sun workstations (SunOS), VAX mainframes (Ultrix) and IBM workstations (AIX). So I’ve learned (often the hard way) how to do things (like manually build and install software from sources) that others would find an insurmountable obstacle.

14.8.1 is no longer signed, which is why it doesn’t appear in Also Available. I don’t see any way for you to get there.