iOS 14.4: Update immediately to shield against security threats

News
By published

Apple tipped off to three iOS security bugs by an anonymous researcher

Apple iOS 14 privacy labels
(Image credit: Apple)

Apple has rolled out patches for three iOS security vulnerabilities, which are said to have been exploited by hackers in the wild.

The company was alerted to the problems via an anonymous tip and bundled the necessary fixes with the recent wider iOS 14.4 update.

The three vulnerabilities are classified as zero-days, meaning they existed in the OS for a period without a patch, and opened the door to privilege escalation and remote code execution attacks.

iOS 14 security vulnerabilities

Apple generally enjoys a stellar reputation where privacy and data security are concerned, and the company had hoped to further extend its lead at the front of the pack with its latest mobile operating system, iOS 14.

Launched in September, the OS introduced a handful of privacy-centric upgrades, including data collection summaries for each App Store app and an overhaul to the way location data is handled.

However, despite the renewed emphasis on security and privacy, a number of iOS security flaws have been identified in the last handful of months alone.

In November, researchers discovered a chain of iOS bugs that could be used for targeted exploitation. Only a month later, it emerged another flaw had been exploited to launch attacks against a series of Al Jazeera journalists.

The discovery of this latest set of zero-day security vulnerabilities, then, will serve to sow further seeds of doubt over the company’s security credentials.

According to an Apple support listing, the first of the three bugs was present in the iOS kernel and created an opportunity for attackers to elevate their privileges. The second and third were described as “logic issues” found in WebKit and allowed remote attackers to “cause arbitrary code execution”.

When chained together, it is thought the vulnerabilities could have allowed hackers to compromise the OS by luring victims to a malicious domain.

Specific details remain scant, but Apple has promised additional information will be made available soon. In the interim, iOS users are advised to update their devices as soon as possible.

Via ZDNet

TOPICS
Joel Khalili
Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.