iOS 14.4 Patches Vulnerabilities That May Have Been Actively Exploited
Apple today released iOS 14.4 and iPadOS 14.4, and along with a handful of minor new features, the software introduces security fixes for three vulnerabilities that may have been used in the wild.
According to a security support document shared by Apple, there were kernel and WebKit vulnerabilities affecting all iPhones and iPads running iOS or iPadOS 14. The kernel vulnerability could allow a malicious application to elevate privileges, and Apple says it is aware of a report that the issue may have been actively exploited.
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A race condition was addressed with improved locking.
CVE-2021-1782: an anonymous researcher
Apple also says a WebKit issue that allowed for a remote attacker to cause arbitrary code execution may have been actively exploited.
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
There is no other information available at this time, but Apple's support document says that additional information will be "available soon."
Given that significant vulnerabilities are patched in the iOS 14.4 and iPadOS 14.4 updates, those running iOS 14 should update as soon as possible.
Related Stories
Apple today seeded the RC versions of upcoming iOS 14.5 and iPadOS 14.5 updates to developers for testing purposes, with the new beta updates coming one week after Apple released the eighth iOS and iPadOS 14.5 betas.
iOS and iPadOS 14.5 can be downloaded through the Apple Developer Center or over the air after the proper profile has been installed on an iPhone or iPad.
iOS 14.5 is the...
Following today's release of iOS 14.5.1 and last week's release of iOS 14.5, Apple has stopped signing iOS 14.4.2, the previously available version of iOS 14 released on March 26. With iOS 14.4.2 no longer being signed, it is not possible to downgrade to iOS 14.4.2 from iOS 14.5 or iOS 14.5.1 if you've already updated your iPhone or iPad.
Apple routinely stops signing older versions of...
Apple is working on a revamped version of the iPad mini that will feature the first design update the smaller-sized tablet has seen in six years, according to a new report from Bloomberg.
The updated iPad mini will feature narrower screen bezels, with Apple also testing a design that does away with the Home button. We've heard several prior rumors about Apple's work on a new version of the...
The team behind the "unc0ver" jailbreaking tool for iOS has released version 6.0.0 of its software, which can allegedly be used to jailbreak any device running iOS 11.0 through iOS 14.3 using a kernel vulnerability.
The unc0ver website describes how the tool has been extensively tested across a range of iOS devices running various software versions, including an iPhone 12 Pro Max running iOS ...
Apple today released iOS and iPadOS 14.4.2, minor security updates that come close to three weeks after the release of iOS/iPadOS 14.4.1 and more than a month after the iOS/iPadOS 14.4 updates.
The iOS and iPadOS 14.4.2 updates can be downloaded for free and the software is available on all eligible devices over-the-air in the Settings app. To access the new software, go to Settings >...
Apple today seeded the first betas of new iOS and iPadOS 14.6 updates to developers for testing purposes, with the new software available just ahead of when Apple plans to release iOS 14.5. iOS and iPadOS 14.6 can be downloaded through the Apple Developer Center or over the air after the proper profile has been installed on an iPhone or iPad.
There is no word yet on what's included in...
Apple today released iOS and iPadOS 14.5.1, minor security updates that come just a week after the release of the iOS 14.5 update. There is also a companion watchOS 7.4.1 update for Apple Watch and an iOS 12.5.3 update for older iPhone and iPad devices that don't support Apple's latest operating system versions.
According to Apple's release notes, the update fixes a bug with App Tracking...
Apple's recently released macOS Big Sur 11.4 update addresses a serious security vulnerability, so all users should complete the software update immediately.
Jamf, a mobile device management company, raised a major security issue in macOS Big Sur that allowed attackers to piggyback apps like Zoom to surreptitiously take screenshots and record the screen. The exploit allowed a user's Privacy...
Apple today released iOS and iPadOS 14.6, marking the sixth major updates to the iOS and iPadOS operating systems that initially came out in September 2020. iOS 14.6 comes one month after the launch of iOS 14.5, an update that added Apple Watch iPhone unlocking, Apple Maps accident crowdsourcing, and tons more.
The iOS and iPadOS 14.5 updates can be downloaded for free and the software is...
macOS Big Sur 11.4, which was released this morning, addresses a zero-day vulnerability that could allow attackers to piggyback off of apps like Zoom, taking secret screenshots and surrepetiously recording the screen.
Jamf, a mobile device management company, today highlighted a security issue that allowed Privacy preferences to be bypassed, providing an attacker with Full Disk Access,...
Top Rated Comments
CVE-2021-1782: an anonymous researcher
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
Never have to worry about if they’re doing it to drive business or for publicity :)