Jump to content

Apple says iOS 14.4 fixes three security bugs ‘actively exploited’ by hackers


mood

Recommended Posts

Apple says iOS 14.4 fixes three security bugs ‘actively exploited’ by hackers

 

apple-bugs.jpg?w=1390&crop=1

Image Credits: Bryce Durbin / TechCrunch

 

Apple has released iOS 14.4 with security fixes for three vulnerabilities, said to be under active attack by hackers.

 

The technology giant said in its security update pages for iOS and iPadOS 14.4 that the three bugs affecting iPhones and iPads “may have been actively exploited.” Details of the vulnerabilities are scarce, and an Apple spokesperson declined to comment beyond what’s in the advisory.

 

It’s not known who is actively exploiting the vulnerabilities, or who might have fallen victim. Apple did not say if the attack was targeted against a small subset of users or if it was a wider attack. Apple granted anonymity to the individual who submitted the bug, the advisory said.

 

Two of the bugs were found in WebKit, the browser engine that powers the Safari browser, and the Kernel, the core of the operating system. Some successful exploits use sets of vulnerabilities chained together, rather than a single flaw. It’s not uncommon for attackers to first target vulnerabilities in a device’s browsers as a way to get access to the underlying operating system.

 

Apple said additional details would be available soon, but did not say when.

 

It’s a rare admission by Apple, which prides itself on its security image, that its customers might be under active attack by hackers.

 

In 2019, Google security researchers found a number of malicious websites laced with code that quietly hacked into victims’ iPhones. TechCrunch revealed that the attack was part of an operation, likely by the Chinese government, to spy on Uyghur Muslims. In response, Apple disputed some of Google’s findings in an equally rare public statement, for which Apple faced more criticism for underplaying the severity of the attack.

 

Last month, internet watchdog Citizen Lab found dozens of journalists had their iPhones hacked with a previously unknown vulnerability to install spyware developed by Israel-based NSO Group.

 

In the absence of details, iPhone and iPad users should update to iOS 14.4 as soon as possible.

 

 

Source: Apple says iOS 14.4 fixes three security bugs ‘actively exploited’ by hackers

Link to comment
Share on other sites


  • Replies 1
  • Views 287
  • Created
  • Last Reply
zanderthunder

iOS 14.4 fixes security flaw that may have been actively exploited by malicious apps

210127-apple-ios-14.4.jpg

 

Apple has pushed out its iOS 14.4 software update which addresses several security issues that have been reported earlier. If you’re using an iPhone or iPad, it’s highly recommended that you download this latest update.

 

As pointed out by 9to5Mac, the support document has mentioned a kernel vulnerability and two WebKit vulnerabilities. It mentioned that a malicious app may be able to elevate privileges and Apple is aware of a report that the issue may have been actively exploited. For the WebKit security flaw, a remote attacker might be able to cause a arbitrary code execution. The flaws have been fixed with improved locking and restrictions.

 

Unfortunately, the support document didn’t explicitly mention who or which app is exploiting the vulnerabilities. The three vulnerabilities were reported by anonymous security researchers.

Apart from the security fixes, iOS 14.4 also brings a number improvements. This include the ability to recognise smaller QR codes in the camera app and the option to classify paired Bluetooth devices. It also fixes other issues such as artefacts in HDR photos taken on the iPhone 12 Pro. Another new addition is a notification that will pop-up if you’re using a non-genuine camera on the iPhone 12 series.

 

If you haven’t download iOS 14.4 yet, you can check manually at Settings > General > Software Update. The update is 344.3MB in size.

 

Source: iOS 14.4 fixes security flaw that may have been actively exploited by malicious apps (via SoyaCincau)

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...