The iOS 14.4 been rolled out to the masses. Similar to the previous updates, Apple brings to the table a few noteworthy updates; The ability to scan a smaller QR code or the ability to clarify what audio device is connected via Bluetooth to help with volume adjustment. However, this time around apple’s major concerns was security and which is why they are urging iPhone and iPad users to promptly update their operating systems.
On its support webpage, The company said three security flaws “may have been actively exploited”.
According to the webpage, “an anonymous researcher,” reported the exploits.
Why Apple urges you to update
Apple said two security issues originate from its WebKit, an open-source browser engine primarily used by Safari and iOS browsers. “A remote attacker may be able to cause arbitrary code execution,” the company said in the description note
Kernel, an Apple developer framework, was also affected.
#Apple‘s latest #iOS14.4 and #iPadOS14.4 updates include fixes for two zero-day security flaws that the company believes may have been used in the wild.
https://t.co/E4u9zQAkiG pic.twitter.com/pdNbXSoLsR— AppleInsider (@appleinsider) January 26, 2021
Sean Wright, application security SME lead at Immersive Labs, says, “the kernel vulnerability is certainly worrying, especially given there is reason to believe it is being actively exploited.”
Wright says attackers “could likely chain the Web Kit vulnerability in order to exploit the kernel exploit remotely, which makes this even more of a risk.”
The vulnerabilities it addresses affects the iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
There is no absolute idea as to who might have exploited these security flaws; how many people might have been affected; what the attackers might have been able to access; or how long these holes were open. The company does say that more details about the security issues will be “available soon,”; But doesn’t offer a specific window for when that information will be available.
This is not the first time the company has seen a security breach. In 2019, Google security researchers found that iPhones suffered a massive security breach, with hackers placing monitoring implants. Researchers claimed the infiltration had been going on for at least two years.