iOS 14.4: Apple fixes three security flaws exploited by hackers

 

 

 

In full deployment of iOS 14.4 and iPad OS 14.4, which had to fix various vulnerabilities, currently exploited by malicious hackers.

The company is therefore deploying an update of the system on the iPhone from the iPhone 6S, on the iPad from the iPad Air 2, on the iPad Mini 4 and 5 as well as on the iPod Touch from 4th. generation.

 

 

read also:  523 million Facebook user phone numbers are found for sale on Telegram

 

 

Three vulnerabilities exploited

The first addition of iOS 14.4 is a kernel update. However, in a support document, the Cupertino company explains in full transparency that a malicious application can bypass Sandbox mode and obtain higher privileges. “This problem is currently being actively exploited,” says Apple.

The company also fixes two other flaws this time affecting the WebKit rendering engine used, among others, by the Safari browser. When exploited, the hacker is able to execute code remotely on the affected device. According to Apple these flaws are also actively exploited.

These three attack vectors were identified and then reported by an anonymous researcher. Apple promises more details later.

 

 

This is a delicate situation for the company, which is used to communicating widely about the security of its system and in particular of its internet browser. Remember that the company now asks all App Store publishers to clearly mention the user data collected through their applications.

To update your iPhone or iPad, go to Settings General Update. Note that the company does not directly inform users of these issues.

 

 

read also:  Don't put your iPhone 12 too close to your pacemaker, Apple says so

 

iOS is regularly the target of attacks

Despite Apple's efforts in the security sector, this is not the first time that vulnerabilities have been discovered within iOS.

In December, the expert firm Citizen Labs spotted malicious code with the presence of malware called Kismet. The latter had been developed by the NSO group working on behalf of the government. In particular, it targeted journalists and dissidents.

In 2016, NSO had also developed a similar malware called Pegasus, capable of reading all messages, activating microphones or even the iPhone camera remotely.

 

Source : Apple