In addition to the new features detailed earlier today, iOS 14.4 also brings a trio of notable security improvements. In a new Support document published this afternoon, Apple said that iOS 14.4 fixes a kernel vulnerability and two WebKit vulnerabilities, all three of which “may have been actively exploited.”
First, Apple says that iOS 14.4 patches a security vulnerability in the kernel affecting iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation). The company only provides a brief description of the details:
- Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
- Description: A race condition was addressed with improved locking.
iOS 14.4 also patches two vulnerabilities in WebKit, which is the browser engine used by Safari, affecting the same aforementioned devices:
- Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A logic issue was addressed with improved restrictions.
As TechCrunch rightfully points out, it’s unusual for Apple to denote that a security vulnerability “may have been actively exploited.” The company did not provide any information on who might have fallen victim:
It’s not known who is actively exploiting the vulnerabilities, or who might have fallen victim. Apple did not say if the attack was targeted against a small subset of users or if it was a wider attack. Apple granted anonymity to the individual who submitted the bug, the advisory said.
Apple says that additional details about these vulnerabilities will be provided in the future, but no additional information is currently available. Apple says that all three vulnerabilities were reported by anonymous security researchers.
iOS 14.4 is available to users via an over-the-air update in the Settings app. Simply open the Settings app, choose General, then choose Software Update. With these major security improvements included, we highly recommend updating as soon as possible.
Author: Chance Miller
Source: 9TO5Google
