Apple patches a trio of security bugs that were ‘actively exploited’ with iOS 14.4

Earlier today, Apple released iOS 14.4 to the public. While the new software adds some worthwhile features, it appears it also patches some potentially serious security bugs in the mobile OS.

TechCrunch was the first to note the change. Apple itself released a support document detailing the “security content” of iOS 14.4 and iPadOS 14.4. Apple’s documentation says that the security bugs are related to the kernel and WebKit (the browser engine used by Safari). Two of the patched vulnerabilities are in the latter.

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A race condition was addressed with improved locking.

CVE-2021-1782: an anonymous researcher

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A logic issue was addressed with improved restrictions.

CVE-2021-1871: an anonymous researcher

CVE-2021-1870: an anonymous researcher

Apple isn’t sharing any additional information at the moment. However, the company does say more info will be shared at a later date. The company notes that each of the security issues was submitted to Apple by anonymous security researchers.

As always, it is important to upgrade to the newest version of iOS. iOS 14.4 (and iPadOS 14.4) is available now as a free upgrade.