UPDATED 20:15 EST / JANUARY 26 2021

SECURITY

Apple’s iOS 14.4 update addresses security flaws possibly exploited by hackers

Apple Inc. today released updates to its iOS and iPadOS mobile operating systems to address three security flaws that may be actively exploited by hackers in the wild.

iOS 14.4 and iPadOS 14.4 fix two vulnerabilities in Apple’s WebKit engine, the open-source web browser engine that is used by Safari, Mail, the App Store and various other apps. The vulnerabilities are described by Apple as a “logic issue” that could allow an attacker to cause arbitrary code execution.

Apple says that the vulnerabilities, formally named CVE-2021-1871 and CVE-2021-1870, were reported to them by an anonymous researcher and that it was aware of a report that “this issue may have been actively exploited.”

The third vulnerability relates to the kernel in affected devices and is described as allowing a malicious application to elevate privileges. CVE-2021-1782, like the other two privileges addressed in the update, was reported by an anonymous researcher. Apple also said it was aware of reports that the issue may have been actively exploited.

The more particular details of all three vulnerabilities have not been disclosed through the common vulnerabilities and exposures database. The relative vulnerability numbers currently say on CVE Mitre that they have been “reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.”

Along with addressing the three security vulnerabilities, iOS 14.4 and iPad 14.4 also offered several other updates. According to CNET, the update adds support for an iPhone to recognize smaller QR codes than before and also enables warnings for cases where Apple can’t recognize the camera on an iPhone 12 as a first-party camera from Apple. A further fix also addressed an issue of image artifacts in HDR photos taken with the iPhone 12 Pro.

It should go without saying that it’s important to keep any device up to date with updates and security patches. But given the potential severity of the three vulnerabilities, iPhone and iPad users should make sure that they install the update as soon as possible.

The update is available for iPhone 6 and above, iPad Air 2 and later, iPad Mini 4 and up, and the seventh-generation iPod Touch.

Photo: Pxhere

Since you’re here …

Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!

Support our mission:    >>>>>>  SUBSCRIBE NOW >>>>>>  to our YouTube channel.

… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.