In full deployment of iOS 14.4 and iPad OS 14.4, which had to fix
various vulnerabilities, currently exploited by malicious hackers.
The
company is therefore deploying an update of the system on the iPhone
from the iPhone 6S, on the iPad from the iPad Air 2, on the iPad Mini 4
and 5 as well as on the iPod Touch from 4th. generation.
read also: 523 million Facebook user phone numbers are found for sale on Telegram
Three vulnerabilities exploited
The first addition of iOS 14.4 is
a kernel update. However, in a support document, the Cupertino company
explains in full transparency that a malicious application can bypass
Sandbox mode and obtain higher privileges. “This problem is currently
being actively exploited,” says Apple.
The company also fixes two
other flaws this time affecting the WebKit rendering engine used, among
others, by the Safari browser. When exploited, the hacker is able to
execute code remotely on the affected device. According to Apple these
flaws are also actively exploited.
These three attack vectors were identified and then reported by an anonymous researcher. Apple promises more details later.
This is a delicate situation for the company, which is used to
communicating widely about the security of its system and in particular
of its internet browser. Remember that the company now asks all App
Store publishers to clearly mention the user data collected through
their applications.
To update your iPhone or iPad, go to Settings
General Update. Note that the company does not directly inform users of
these issues.
read also: Don't put your iPhone 12 too close to your pacemaker, Apple says so
iOS is regularly the target of attacks
Despite Apple's efforts in the security sector, this is not the first time that vulnerabilities have been discovered within iOS.
In
December, the expert firm Citizen Labs spotted malicious code with the
presence of malware called Kismet. The latter had been developed by the
NSO group working on behalf of the government. In particular, it
targeted journalists and dissidents.
In 2016, NSO had also
developed a similar malware called Pegasus, capable of reading all
messages, activating microphones or even the iPhone camera remotely.
Source : Apple
Post a Comment