iOS 14.4: Apple Fixes Three Security Bugs, 'Actively Under Attack' By Hackers
Apple says that it has fixed three security vulnerabilities in its latest iOS update. The three bugs affecting both iPhones and iPads may have been actively exploited. Two of these three bugs were found in WebKit the browser engine that powers the Safari browser. One was discovered in Kernel the core of the operating system.
Apple says that it has fixed three security vulnerabilities in its latest iOS update which were previously under active attack by hackers. The security patches have been introduced with the new iOS 14.4 and iPadOS 14.4.
Apple confirmed the developments in a recent security update page for iOS and iPadOS 14.4. The cupertino tech major wrote that the three bugs, affecting both iPhones and iPads, ¡°may have been actively exploited.¡± No more details on the impact of the security issue were provided by Apple.
Two of these three bugs were found in WebKit, the browser engine that powers the Safari browser. One was discovered in Kernel, the core of the operating system, as explained in a report by TechCrunch. It is likely that the threat actors worked these loopholes in tandem for greater success.
In a rare admittance, Apple said that the security vulnerability with Kernel allowed ¡°elevated privileges¡± to malicious applications. On the other hand, using the loopholes with WebKit, a remote attacker ¡°may be able to cause arbitrary code execution,¡± Apple said. This means that those exploiting the loopholes could conduct actions on the victim device as per their whim.
Attackers often first target such vulnerabilities in a device¡¯s browsers, further making their way to access the underlying operating system. The combination of loopholes addressed in the latest iOS update understandably allowed the hackers to do the same.
The lack of information at present does not reveal the bad actors behind the exploitation of the vulnerabilities or even the victims of these attacks. Apple does not even hint at whether the attacks conducted targeting these vulnerabilities were on a small subset of users or impacted a large number of users.
Apple also decided to keep the identity of the security researchers who reported the bugs anonymous. It now urges its users to upgrade to the latest iOS to be safe from such attacks.