Here’s a public service announcement for iPhone users, with the latest iOS 14.4 and iPadOS 14.4 updates from Apple designed to address some rather concerning issues with the mobile operating systems.
Said issue impacts two elements of the OS in particular – the kernel and webkit, according to the patch notes released by the Cupertino-based firm. While Apple does not fully divulge what the cause of the issue is, it does note that the vulnerability found in the previous versions of the operating systems is actively being exploited.
This essentially means that if you have one of the below listed devices, you should definitely be updating to iOS 14.4 or iPadOS 14.4.
“Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A race condition was addressed with improved locking.
CVE-2021-1782: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher,” explains the patch notes.
Again, we do not have a full explanation as to what this vulnerability can do precisely, but the fact that it can circumvent elevate privileges is quite concerning, meaning that aspects of the OS can be changed or altered without the user’s consent or knowledge.
As such, we’re advising that any and all iPhone, iPad and iPod Touch users update to 14.4 if possible. Apple says it will share additional details in coming days, but in the interim, download and install the update.