The new iOS 14.4 and iPadOS 14.4 updates from Apple include patches for a trio of potentially serious security vulnerabilities related to the kernel and the Safari browser.
Combined, they enable privilege escalation and remote code execution attacks. A security document on Apple’s website details the security content of iOS 14.4 and iPadOS 14.4. According to the documentation, the three vulnerabilities “may have been actively exploited”. Apple did not reveal whether some of its users might have fallen victim.
How to Update to iOS 14.4
To update your iPhone, iPad or iPod touch to the latest iOS software wirelessly, venture into Settings > General > Software Update. If you see a message saying an update is available, tap “Install Now”. Keep in mind that your device must be plugged into power and connected to the Internet via Wi-Fi for the software update to complete.
You can also update manually using your computer. On a Mac, open the Finder. If you’re using a PC, open iTunes instead. Next, connect the iOS device to your computer. Finally, choose General or Settings, then click the button labeled with the text Check for Update.
A Game of Cat and Mouse
In recent months, security researchers have discovered a flurry of iOS security vulnerabilities that could be used for targeted exploitation. After being tipped off to some of them, Apple’s included the necessary security patches in iOS 14.4 and iPadOS 14.4.
A zero-day vulnerability is an exploit in a piece of computer software that’s unknown to the software vendor. These can go unnoticed for a period of time. As a result, hackers can freely exploit a zero-day vulnerability in the wild until it is mitigated.
Finding these vulnerabilities before they are exploited is a game of cat and mouse. It’s suspected that a zero-day exploit was used in carrying out recent attacks against Al Jazeera journalists. Security experts suspect that an attacker hacked journalists’ iPhones with a zero-day iOS exploit, which opened the door to a piece of spyware.
Zero-day exploits are also used in jailbreaking, a process that removes Apple’s iOS protections to let people install unsanctioned software outside of the App Store.
Apple’s Tarnished Security Image
In recent months, security researchers have discovered a flurry of iOS security vulnerabilities that could be used for targeted exploitation. This can come as a surprise given Apple’s track record of privacy and its reputation in terms of data security.
Apple’s promised to share additional information about the three vulnerabilities in iOS 14.4 at a later date. In the absence of details, however, you’re recommended to update your iPhone and iPad right now, or at your earliest convenience, to avoid becoming hacking targets.