The new iPhone update fixes security bugs, so its best to install it ASAP  01/26/2021 22:44:28   Mitchell Clark
Illustration by Alex Castro / The Verge

Apple just released iOS 14.4 and iPadOS 14.4, and the update notes contain some worrying language (via TechCrunch). Under kernel updates, Apple notes that a malicious application may be able to elevate privileges, and under WebKit updates, it says a remote attacker may be able to cause arbitrary code execution. After both statements, the update notes say, Apple is aware of a report that this issue may have been actively exploited.

What this means, broadly, is that you should update your iOS devices as soon as possible. To put the language into plain terms: Apple found a security hole in its operating systems, and it also has evidence that someone may have exploited it. The update notes dont have any further details, so for now, we dont know who may have used the security breach or what they may have been using it for.

However it was used, the security breaches arent minor ones. An application being able to elevate privileges means that it could do things its not supposed to be able to do. Again, there arent any details, but broadly speaking, it means a malicious app couldve bypassed some of Apples security protections.

The WebKit exploit isnt better. A remote attacker being able to cause arbitrary code execution means an attacker could do things on your phone just from you visiting a website they control.

This isnt to say its time to go into total cyber-lockdown mode, but it does mean that 14.4 isnt an update you want to put off for a while. In the meantime, Apple says itll provide additional details soon, so well keep an eye out for more information about the exploits.

« Go back