iOS 14.4: Update immediately to shield against security threats

Apple tipped off to three iOS security bugs by an anonymous researcher

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Applehas rolled out patches for three iOS security vulnerabilities, which are said to have been exploited by hackers in the wild.

The company was alerted to the problems via an anonymous tip and bundled the necessary fixes with the recentwider iOS 14.4 update.

The three vulnerabilities are classified as zero-days, meaning they existed in the OS for a period without a patch, and opened the door to privilege escalation and remote code execution attacks.

iOS 14 security vulnerabilities

Apple generally enjoys a stellar reputation where privacy and data security are concerned, and the company had hoped to further extend its lead at the front of the pack with its latest mobileoperating system, iOS 14.

Launched in September, the OS introduced a handful ofprivacy-centric upgrades, including data collection summaries for each App Store app and an overhaul to the way location data is handled.

However, despite the renewed emphasis on security and privacy, a number of iOS security flaws have been identified in the last handful of months alone.

In November, researchers discovered achain of iOS bugsthat could be used for targeted exploitation. Only a month later, it emergedanother flawhad been exploited to launch attacks against a series of Al Jazeera journalists.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The discovery of this latest set of zero-day security vulnerabilities, then, will serve to sow further seeds of doubt over the company’s security credentials.

According to anApple support listing, the first of the three bugs was present in the iOS kernel and created an opportunity for attackers to elevate their privileges. The second and third were described as “logic issues” found in WebKit and allowed remote attackers to “cause arbitrary code execution”.

When chained together, it is thought the vulnerabilities could have allowed hackers to compromise the OS by luring victims to a malicious domain.

Specific details remain scant, but Apple has promised additional information will be made available soon. In the interim, iOS users are advised to update their devices as soon as possible.

ViaZDNet

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

VIPRE Security Group says its new endpoint protection tools can stamp out even the latest cybersecurity threats