Apple’s iOS 14.4 fixes three major security flaws that are under active attack by hackers.
Apple’s iOS 14.4 comes with cool new features for your iPhone, but this is an important security update too. That’s because it fixes three major security flaws, all of which Apple has admitted “may have already been actively exploited.”
Apple doesn’t release details with security fixes, mainly so that people have a chance to update their iPhones before more potential attackers get hold of the details. According to an Apple support document the first exploited security flaw in the operating system’s Kernel may allow a malicious application to “elevate privileges.”
The vulnerability, labelled CVE-2021-1782, was reported by a security researcher who currently remains anonymous.
The other two flaws in Apple’s WebKit, the engine that powers the Safari browser, could allow a remote attacker to execute code. The vulnerabilities, CVE-2021-1871 and CVE-2021-1870 were also reported by an anonymous researcher.
iOS 14.4: Why it’s important to update now
Many people like to wait for a while to update their iPhones to new iOS versions, to avoid any bugs, or maybe they are simply too busy. Sometimes this is ok, but with iOS 14.4, it’s important to update as soon as you can.
If something’s been exploited, it means attackers are already successfully using it to attack Apple users. There’s a lot we don’t know: For example, who is being targeted by attackers, and who might have already become a victim.
The kernel vulnerability is “certainly worrying,” says Sean Wright, application security SME lead at Immersive Labs, “especially given there is reason to believe it is being actively exploited.”
Wright says attackers “could likely chain the WebKit vulnerability in order to exploit the kernel exploit remotely, which makes this even more of a risk.”
He advises people to update “with a sense of urgency.”
Apple will likely release more details of the flaws soon, but one thing is clear—updating your iPhones and iPads now should stop attackers from exploiting these flaws.
Sure, we don’t know the details of the iPhone security issues yet, but that’s even more reason to update to the new version. Don’t panic, but do make sure you download and install iOS 14.4 as soon as you can.