MobileNews

Apple says iOS 14.4 patches 3 security flaws that ‘may have been actively exploited’

In addition to the new features detailed earlier today, iOS 14.4 also brings a trio of notable security improvements. In a new Support document published this afternoon, Apple said that iOS 14.4 fixes a kernel vulnerability and two WebKit vulnerabilities, all three of which “may have been actively exploited.”

First, Apple says that iOS 14.4 patches a security vulnerability in the kernel affecting iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation). The company only provides a brief description of the details:

  • Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
  • Description: A race condition was addressed with improved locking.

iOS 14.4 also patches two vulnerabilities in WebKit, which is the browser engine used by Safari, affecting the same aforementioned devices:

  • Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
  • Description: A logic issue was addressed with improved restrictions.

As TechCrunch rightfully points out, it’s unusual for Apple to denote that a security vulnerability “may have been actively exploited.” The company did not provide any information on who might have fallen victim:

It’s not known who is actively exploiting the vulnerabilities, or who might have fallen victim. Apple did not say if the attack was targeted against a small subset of users or if it was a wider attack. Apple granted anonymity to the individual who submitted the bug, the advisory said.

Apple says that additional details about these vulnerabilities will be provided in the future, but no additional information is currently available. Apple says that all three vulnerabilities were reported by anonymous security researchers.

iOS 14.4 is available to users via an over-the-air update in the Settings app. Simply open the Settings app, choose General, then choose Software Update. With these major security improvements included, we highly recommend updating as soon as possible.


Check out 9to5Mac on YouTube for more Apple news:

Check out the latest Apple iPhones at great prices from Gizmofashion – our recommended retail partner.


Author: Chance Miller
Source: 9TO5Google

Related posts
AI & RoboticsNews

Nvidia and DataStax just made generative AI smarter and leaner — here’s how

AI & RoboticsNews

OpenAI opens up its most powerful model, o1, to third-party developers

AI & RoboticsNews

UAE’s Falcon 3 challenges open-source leaders amid surging demand for small AI models

DefenseNews

Army, Navy conduct key hypersonic missile test

Sign up for our Newsletter and
stay informed!