Apple once again suffers a security flaw that, fortunately, has already been solved, but it is up to the user to apply it on their iPhone. It turns out that previous versions of iOS, the iPhone operating system, contained a number of bugs and security flaws that those in Cupertino believe have been exploited by cybercriminals.
For this reason, the firm has released iOS 14.4 in the last hours with different security fixes for three vulnerabilities . The tech giant claims on its own support page that this update is focused on security for iOS and iPadOS and that version 14.4 fixes the three bugs that “may have been actively exploited.”
There is no more information about it, so at this time it is not known what or who is taking advantage of the vulnerabilities or who could have been a victim. Apple did not want to indicate the volume of devices affected, so we do not know if it is a problem on a large scale or small. The firm has simply stated that additional details will be available soon, but does not give more details or when it will provide them.
What we do know is that you should pay attention to the iOS update message on your mobile and install the new version immediately.
Serious problems in the Kernel and Safari
Two of the bugs were found in WebKit, the browser engine that powers Apple’s browser Safari, while the third, more dangerous still, was found in the Kernel, the core of the operating system. This is how Apple defines them
- CVE-2021-1782: a malicious application can gain access to elevated privileges in the kernel.
- CVE-2021-1870 and CVE-2021-1871: an attacker can execute arbitrary execution code in Webkit remotely.
This Apple security problem reminds us of the flaws discovered in iOS in 2019, giving Google security researchers found several websites with malicious code that silently affected different iPhone models without the victims being aware of it.
Now this notice from Apple comes just after Internet watchdog Citizen Lab discovered last month that dozens of journalists had their iPhones hacked with a previously unknown vulnerability to install spyware developed by the NSO Group.
Whether it’s related or not, we can’t help but insist that you don’t ignore the notice to update your iPhone to iOS 14.4 .
Source>Apple