
iOS 14.4 Patches Vulnerabilities That May Have Been Actively Exploited

MacRumors

macrumors bot
Original poster
Apr 12, 2001
51,488
13,129


Apple today released iOS 14.4 and iPadOS 14.4, and along with a handful of minor new features, the software introduces security fixes for three vulnerabilities that may have been used in the wild.


According to a security support document shared by Apple, there were kernel and WebKit vulnerabilities affecting all iPhones and iPads running iOS or iPadOS 14. The kernel vulnerability could allow a malicious application to elevate privileges, and Apple says it is aware of a report that the issue may have been actively exploited.

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A race condition was addressed with improved locking.
CVE-2021-1782: an anonymous researcher

Apple also says a WebKit issue that allowed for a remote attacker to cause arbitrary code execution may have been actively exploited.

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher

There is no other information available at this time, but Apple's support document says that additional information will be "available soon."

Given that significant vulnerabilities are patched in the iOS 14.4 and iPadOS 14.4 updates, those running iOS 14 should update as soon as possible.


jz0309

macrumors 65816
Sep 25, 2018
1,425
3,022
Temecula, CA
Good, in the process of upgrading right now. Was not worth it for the features but had anticipated something like this.
 

Natzoo

macrumors 68000
Sep 16, 2014
1,632
370
Good update but doesn't it make third-party replacements harder at the same time? I forgot the video but 14.4 locks down more parts to the device. Going to update in a few days just to make sure there aren't any bugs.
 

FNH15

macrumors 6502
Apr 19, 2011
425
412
I wonder if these holes are in iOS 12; lots of iPhone 6 users still out there, like my mom.
If it’s present in iOS 12, chances are Apple will patch it - they seem to be supporting the most recent iOS and one before it (iOS 13 doesn’t count as all iOS 13 devices can upgrade to 14).
 

0ID0

macrumors newbie
Jan 1, 2021
6
4
What about the soooo long trumpeted PRIVACY dingdong? The trackers and data thieves are still not prepared?
Fingerprinting not ready? And Apple obediently waiting for them. Phew!
 

randyhudson

macrumors 6502
Oct 28, 2007
377
469
East Coast
The security researchers I admire? These ones:

CVE-2021-1782: an anonymous researcher
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher

Never have to worry about if they’re doing it to drive business or for publicity :)
It is typical for the reporter and the technical details of the vulnerability to be withheld for a period of time while affected systems can be upgraded.

Apple pays bounties, so most likely the reporter is known.
 

aesc80

macrumors 6502a
Mar 24, 2015
804
1,598
Very appreciative of how proactive Apple is with their OS. It's def one of the reasons to stay on point with their updates (granted, some can be a pain, but it's times like these where the benefits outweigh the risks).
 

Unregistered 4U

macrumors 68020
Jul 22, 2002
2,278
1,429
It is typical for the reporter and the technical details of the vulnerability to be withheld for a period of time while affected systems can be upgraded.

Apple pays bounties, so most likely the reporter is known.
Oh, they’re known for the work they do with the individuals they work with. I’m talking about the “security researchers” that make it their week’s work to go on and on about a vulnerability that requires:
1. Physical access to your device, that has been
2. Unlocked by you and
3. You’re also giving them additional personal information about you :)

I’ve always said the REAL researchers are the ones you don’t know the name of.
 

OhneFrust

macrumors newbie
Jan 26, 2021
1
0
Wasn't Apple going to give us cross app tracking prevention with this update? Or has it been delayed to 14.5?
 

MacBH928

Contributor
May 17, 2008
5,337
2,090
Seriously, has anyone ever been attacked by these vulnerabilities? I keep hearing about them on updates, but people seem to run years outdated software just fine. I am not saying this is bad, just wondering if these vulnerabilities are all that serious.
 