iOS 14.4 Patched Two Vulnerabilities That May Have Been Actively Exploited

Submit

Apple recently released iOS 14.4 and iPadOS 14.4 recently along with other software updates. While the updates bring several important features to the mix, it also boasts security fixes. Pertaining to iOS 14.4, it fixed three vulnerabilities that may have been actively exploited. Apple released its security support document highlighting the details on the said vulnerabilities. However, Apple's latest iOS 14.4 update has patched the exploits.

iOS 14.4 Fixed Vulnerabilities That May Have Been Exploited in the Wild

As mentioned earlier, Apple was aware of the vulnerabilities and that they have been fixed. The company's security support document shared that there were WebKit and kernel vulnerabilities that affected all iOS and iPadOS devices that were running iOS 14 and iPadOS 14. The exploit could allow malicious applications to increase privileges. In addition to this, Apple says that it was aware of a report that the vulnerabilities might have been used in the wild.

macOS 11.2.2 Released with Crucial USB-C Fix for MacBook Pro and MacBook Air Users

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A race condition was addressed with improved locking.
CVE-2021-1782: an anonymous researcher

Apple also highlighted that a WebKit issue may have been exploited as well, allowing the remote hacker to cause arbitrary code execution. The report does not share any further information on the subject at this point in time. However, the document does say that additional information will be "available soon". iOS 14.4 update is a must-download since it fixed major vulnerabilities that plagued the platform.

Available for: ‌iPhone‌ 6s and later, ‌iPad Air‌ 2 and later, ‌iPad mini‌ 4 and later, and ‌iPod touch‌ (7th generation)
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher

With that said, we would totally recommend users upgrade to the latest iOS 14.4 build. This is due to the fact that any iOS 14 update before today's iOS 14.4 update might have featured major vulnerabilities. So do update to the latest build as soon as you can.

That's all there is to it, folks. We will share more details on the story as soon as we have more information regarding it. Until then, what are your thoughts on iOS security? Share your views with us in the comments.

Products mentioned in this post

iPad Air
iPad Air
USD 599
iPod Touch
iPod Touch
USD 194.95

The links above are affiliate links. As an Amazon Associate, Wccftech.com may earn from qualifying purchases.

Submit