[ad_1]
Apple just released iOS 14.4 and iPadOS 14.4, and patch notes contain disturbing language (via TechCrunch). Under kernel updates, Apple notes that “a malicious application may be able to elevate privileges”, and under WebKit updates it says “that a remote attacker may cause execution of arbitrary code ”. After both statements, the patch notes state, “Apple is aware of a report that this issue may have been actively exploited.”
Basically, that means you need to update your iOS devices ASAP. To put it plainly: Apple has found a security flaw in its operating systems, and it also has evidence that someone may have exploited it. The patch notes don’t have more details, so as of yet, we don’t know who may have used the security hole or what they may have used it for.
However, it has been used, the security vulnerabilities are not minor. An app that can elevate privileges means that it could do things that it is not supposed to be able to do. Again, there are no details, but basically it means that a malicious app could have bypassed some of Apple’s security protections.
The WebKit exploit is no better. A remote attacker being able to cause an arbitrary code to be executed means that an attacker could do things on your phone just by visiting a website they control.
That doesn’t mean it’s time to go into full cyber-locking mode, but it does mean 14.4 isn’t an update you want to put off for a while. In the meantime, Apple says it will provide additional details soon, so we’ll be keeping an eye out for exploits.
[ad_2]
Source link