iOS 14.4 fixes security flaws that might have been actively exploited

With the release of iOS 14.4 and iPadOS 14.4, Apple has patched three previously undisclosed security flaws. As per its support page, these security flaws might have been actively exploited in the wild.

These security flaws, applicable to iPhone, iPod touch, and iPad running iOS 14.3 and prior versions of the operating system, were related to the Kernel, and WebKit, the rendering engine used by Safari and other browsers in iOS. One security issue was related to the Kernel and two were to WebKit.

iOS 14.4 and iPadOS 14.4

Zero-day exploits fixed in iOS 14.4, Apple reports that they were actively exploited before patch

These zero-day exploits were reported by an anonymous researcher. So far, no public information is available for any of them, however, Apple has shared that the issues would have let malicious apps access elevated privileges, and attackers could remotely cause arbitrary code execution.

These are the details shared by Apple for now. The support page mentions that additional details will be available soon. Disclosing more information will be hopeful so organizations can check if they were on the receiving end of these exploits and faced any attacks.

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A race condition was addressed with improved locking.

CVE-2021-1782: an anonymous researcher

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A logic issue was addressed with improved restrictions.

CVE-2021-1871: an anonymous researcher

CVE-2021-1870: an anonymous researcher

It’s always a cat and mouse game between companies Apple and hackers looking to exploits security flaws. The stakes have been raised as state-backed malicious actors have been trying to use flaws to steal information and spy on people. The recent iMessage flaw that allowed journalists’ iPhones to be hacked by Israeli spyware was an eye-opener.

Read more:

About the Author

Technology enthusiast, Internet addict, photography fan, movie buff, music aficionado.

1 comment

Leave a comment