iOS 14.4: Update immediately to shield against security threats

Apple iOS 14 privacy labels
(Image credit: Apple)
Audio player loading…

Apple has rolled out patches for three iOS security vulnerabilities, which are said to have been exploited by hackers in the wild.

The company was alerted to the problems via an anonymous tip and bundled the necessary fixes with the recent wider iOS 14.4 update (opens in new tab).

The three vulnerabilities are classified as zero-days, meaning they existed in the OS for a period without a patch, and opened the door to privilege escalation and remote code execution attacks.

iOS 14 security vulnerabilities

Apple generally enjoys a stellar reputation where privacy and data security are concerned, and the company had hoped to further extend its lead at the front of the pack with its latest mobile operating system, iOS 14.

Launched in September, the OS introduced a handful of privacy-centric upgrades (opens in new tab), including data collection summaries for each App Store app and an overhaul to the way location data is handled.

However, despite the renewed emphasis on security and privacy, a number of iOS security flaws have been identified in the last handful of months alone.

In November, researchers discovered a chain of iOS bugs (opens in new tab) that could be used for targeted exploitation. Only a month later, it emerged another flaw (opens in new tab) had been exploited to launch attacks against a series of Al Jazeera journalists.

The discovery of this latest set of zero-day security vulnerabilities, then, will serve to sow further seeds of doubt over the company’s security credentials.

According to an Apple support listing (opens in new tab), the first of the three bugs was present in the iOS kernel and created an opportunity for attackers to elevate their privileges. The second and third were described as “logic issues” found in WebKit and allowed remote attackers to “cause arbitrary code execution”.

When chained together, it is thought the vulnerabilities could have allowed hackers to compromise the OS by luring victims to a malicious domain.

Specific details remain scant, but Apple has promised additional information will be made available soon. In the interim, iOS users are advised to update their devices as soon as possible.

Via ZDNet (opens in new tab)

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.