Apple’s iOS 14.4 update addresses security flaws possibly exploited by hackers
Apple Inc. today released updates to its iOS and iPadOS mobile operating systems to address three security flaws that may be actively exploited by hackers in the wild.
iOS 14.4 and iPadOS 14.4 fix two vulnerabilities in Apple’s WebKit engine, the open-source web browser engine that is used by Safari, Mail, the App Store and various other apps. The vulnerabilities are described by Apple as a “logic issue” that could allow an attacker to cause arbitrary code execution.
Apple says that the vulnerabilities, formally named CVE-2021-1871 and CVE-2021-1870, were reported to them by an anonymous researcher and that it was aware of a report that “this issue may have been actively exploited.”
The third vulnerability relates to the kernel in affected devices and is described as allowing a malicious application to elevate privileges. CVE-2021-1782, like the other two privileges addressed in the update, was reported by an anonymous researcher. Apple also said it was aware of reports that the issue may have been actively exploited.
The more particular details of all three vulnerabilities have not been disclosed through the common vulnerabilities and exposures database. The relative vulnerability numbers currently say on CVE Mitre that they have been “reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.”
Along with addressing the three security vulnerabilities, iOS 14.4 and iPad 14.4 also offered several other updates. According to CNET, the update adds support for an iPhone to recognize smaller QR codes than before and also enables warnings for cases where Apple can’t recognize the camera on an iPhone 12 as a first-party camera from Apple. A further fix also addressed an issue of image artifacts in HDR photos taken with the iPhone 12 Pro.
It should go without saying that it’s important to keep any device up to date with updates and security patches. But given the potential severity of the three vulnerabilities, iPhone and iPad users should make sure that they install the update as soon as possible.
The update is available for iPhone 6 and above, iPad Air 2 and later, iPad Mini 4 and up, and the seventh-generation iPod Touch.
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.