iOS 14.4 was released to the public today. While the update brings in many features, and fixes, to the iPhone, it patches two critical vulnerabilities that could have, or may already have been exploited.
In the document labeled ‘About the security content of iOS 14.4 and iPadOS 14.4,’ Apple highlights the patches that iOS 14.4 brings. The vulnerabilities were related to the Kernel and the WebKit on iPhones. Apple says that all the iPhones running iOS 14 and iPadOS 14 were affected by the vulnerabilities.
The kernel vulnerability notes that an application could have been able to ‘elevate kernel privileges.’ Apple says that they are ‘aware of a report that this issue may have been actively exploited.’ The second vulnerability was related to WebKit, on which Apple notes that a remote attacker may be able to cause arbitrary code execution.
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A race condition was addressed with improved locking.
CVE-2021-1782: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is awa ..
Support the originator by clicking the read the rest link below.
