- iOS 14.4 rolled out on Tuesday, and in addition to new features and bug fixes, it also patches three security flaws that Apple says “may have been actively exploited.”
- One of the security flaws affected the kernel and two others affected the Safari WebKit engine.
- If you own an iPhone or iPad that can run iOS 14.4 or iPadOS 14.4, download the update now.
Some people wait days, weeks, or even months to update their iPhone to the latest version of iOS, while others open the Settings app to perform the update as soon as the notification pops up. No matter which type of user you are, you might want to expedite the process this time around, because Apple released a support document for iOS 14.4 shortly after it rolled out on Tuesday revealing that the update patches security flaws that “may have been actively exploited.” In other words, you could be putting your private data at risk by waiting to update your iPhone.
The first of the three vulnerabilities the update addresses is in the kernel and affects the iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation). Here are the details:
- Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
- Description: A race condition was addressed with improved locking.
iOS 14.4 also patches two holes in the WebKit affecting the iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation). Once again, Apple provides vague details about the fix:
- Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A logic issue was addressed with improved restrictions.
We have no idea who might have exploited these security flaws, how many people might have been affected, what the attackers might have been able to access, or how long these holes were open. Apple does say that more details about the security issues will be “available soon,” but doesn’t offer a specific window for when that information will be available. For now, we’ll just have to wait until Apple explains what happened.
In the meantime, installing a new iOS or iPadOS update on your iPhone, iPad, or iPod touch couldn’t be easier. Just navigate to Settings > General > Software Update and then tap “Download and Install” at the bottom of that page. If you want, you can also install the update through iTunes by connecting your device to a computer. Whichever method you choose, just make sure to back up your device before installing the update.
In addition to patching these security flaws, iOS 14.4 also includes a number of new features and bug fixes, as well as support for a new Unity watch face for the Apple Watch to celebrate Black History Month.