iOS 14.4 Patches Vulnerabilities That May Have Been Actively Exploited

Apple today released iOS 14.4 and iPadOS 14.4, and along with a handful of minor new features, the software introduces security fixes for three vulnerabilities that may have been used in the wild.

According to a security support document shared by Apple, there were kernel and WebKit vulnerabilities affecting all iPhones and iPads running iOS or iPadOS 14. The kernel vulnerability could allow a malicious application to elevate privileges, and Apple says it is aware of a report that the issue may have been actively exploited.

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A race condition was addressed with improved locking.
CVE-2021-1782: an anonymous researcher

Apple also says a WebKit issue that allowed a remote attacker to cause arbitrary code execution may have been actively exploited.

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher

There is no other information available at this time, but Apple's support document says that additional information will be "available soon."

Given that significant vulnerabilities are patched in the iOS 14.4 and iPadOS 14.4 updates, those running iOS 14 should update as soon as possible.

Top Rated Comments

LFC2020
10 months ago
Great work Apple, you don’t get this kind of support with Android, may the walled garden continue to blossom.
Score: 9 Votes
Unregistered 4U
10 months ago
The security researchers I admire? These ones:

CVE-2021-1782: an anonymous researcher
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher

Never have to worry about if they’re doing it to drive business or for publicity :)
Score: 7 Votes
fhall1
10 months ago

Remember updating to that abortion OS called Catalina???
Nope - so far my machines are still running Mojave
Score: 6 Votes
Apple_Robert
10 months ago
I am glad Apple is so proactive in this area.
Score: 5 Votes
zorinlynx
10 months ago
I wonder if these holes are in iOS 12; lots of iPhone 6 users still out there, like my mom.
Score: 5 Votes
Apple_Robert
10 months ago

And this, folks, is why one should always stay up to date.
Exactly. Too many people around here don't update their device because they are afraid of performance. In my opinion, security takes precedence.
Score: 4 Votes
