Apple Says iOS 14.4 Patches Two Vulnerabilities That ‘May Have Been Exploited’

BY Sanuj Bhatia

Published 26 Jan 2021

iOS 14.3 on iPhone 12

iOS 14.4 was released to the public today. While the update brings in many features, and fixes, to the iPhone, it patches two critical vulnerabilities that could have, or may already have been exploited.

In the document labeled ‘About the security content of iOS 14.4 and iPadOS 14.4,’ Apple highlights the patches that iOS 14.4 brings. The vulnerabilities were related to the Kernel and the WebKit on iPhones. Apple says that all the iPhones running iOS 14 and iPadOS 14 were affected by the vulnerabilities.

The kernel vulnerability notes that an application could have been able to ‘elevate kernel privileges.’ Apple says that they are ‘aware of a report that this issue may have been actively exploited.’ The second vulnerability was related to WebKit, on which Apple notes that a remote attacker may be able to cause arbitrary code execution.

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A race condition was addressed with improved locking.

CVE-2021-1782: an anonymous researcher

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A logic issue was addressed with improved restrictions.

CVE-2021-1871: an anonymous researcher

CVE-2021-1870: an anonymous researcher

A kernel is the most important of any operating system. It acts as an interface between applications and hardware on any device, and is responsible for things like disk management, memory management, task management, etc. As per the report by Apple, applications running on 14.3 or lower could have been able to access the kernel. Accessing the kernel could have given the application privileges to control any part of the phone, however, the vulnerability is now fixed.

Apple hasn’t detailed the issues yet. More details of the issue are expected to be released over the next few hours. We’ll update the article as and when we know more about the issue.

iOS 14.4 brings in a new Handoff experience to the HomePod Mini, and adds the ability to scan small QR codes via the default iOS camera app. Read all the changes, fixes, and features iOS 14.4 brings here.

We Want to Hear From You 

Have you updated to iOS 14.4? Which features do you like? Did you know about the vulnerabilities of iOS 14? Do let us know in the comment section below!