iOS 14.4 patches vulnerabilities that may have been used by hackers - TechnW3

The vulnerabilities may have been exploited in the wild.

What you need to know

• Apple has patched a number of vulnerabilities with iOS 14.4 and iPadOS 14.4.
• The company says it has received reports of the vulnerabilities being exploited.

Apple's release of iOS 14.4 and iPadOS 14.4 today brought a number of new features, including ultra-wideband handoff for the HomePod mini, labeling Bluetooth devices, and scanning smaller QR codes with the camera app.

According to a new support document released by Apple today, the update also patches three security vulnerabilities that may have been exploited.

The kernel vulnerability enabled a malicious application to elevate privileges and Apple is aware of at least one report where it may have been used in public.

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A race condition was addressed with improved locking.

CVE-2021-1782: an anonymous researcher

A WebKit vulnerability reportedly allowed a remote attacker to cause arbitrary code execution on certain older Apple devices.

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A logic issue was addressed with improved restrictions.

CVE-2021-1871: an anonymous researcher

CVE-2021-1870: an anonymous researcher

If you have any of the devices referenced for any of the vulnerabilities, updating your device to iOS 14.4 or iPadOS 14.4 will patch the security issue. You can learn more by reading the support document.

- TechnW3
from iMore - Learn more. Be more.
via TechnW3