Skip to main content

Apple says iOS 14.4 patches 3 security flaws that ‘may have been actively exploited’

Avatar for Chance Miller  | Jan 26 2021 - 12:52 pm PT
0 Comments
How to use iOS 14 most popular features

In addition to the new features detailed earlier today, iOS 14.4 also brings a trio of notable security improvements. In a new Support document published this afternoon, Apple said that iOS 14.4 fixes a kernel vulnerability and two WebKit vulnerabilities, all three of which “may have been actively exploited.”

First, Apple says that iOS 14.4 patches a security vulnerability in the kernel affecting iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation). The company only provides a brief description of the details:

  • Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
  • Description: A race condition was addressed with improved locking.

iOS 14.4 also patches two vulnerabilities in WebKit, which is the browser engine used by Safari, affecting the same aforementioned devices:

  • Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
  • Description: A logic issue was addressed with improved restrictions.

As TechCrunch rightfully points out, it’s unusual for Apple to denote that a security vulnerability “may have been actively exploited.” The company did not provide any information on who might have fallen victim:

It’s not known who is actively exploiting the vulnerabilities, or who might have fallen victim. Apple did not say if the attack was targeted against a small subset of users or if it was a wider attack. Apple granted anonymity to the individual who submitted the bug, the advisory said.

Apple says that additional details about these vulnerabilities will be provided in the future, but no additional information is currently available. Apple says that all three vulnerabilities were reported by anonymous security researchers.

iOS 14.4 is available to users via an over-the-air update in the Settings app. Simply open the Settings app, choose General, then choose Software Update. With these major security improvements included, we highly recommend updating as soon as possible.

Add 9to5Mac to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Mac on YouTube for more Apple news:

Comments

Guides

iOS 14

iOS 14

iOS 14 was released on September 16th, 2020. New…

Author

Avatar for Chance Miller Chance Miller

Chance is an editor for the entire 9to5 network and covers the latest Apple news for 9to5Mac.

Tips, questions, typos to chance@9to5mac.com