iOS 14.4 Patches Vulnerabilities That May Have Been Actively Exploited

[Apple Crusader]

A researcher discovering a vulnerability is not an active exploit. We will soon get more details.

I understand that, however if they discovered the vulnerability and have exploited it with a proof-of-concept, Apple could state that it is actively being exploited in the wild (aka not in Apple's labs).

 

[Rigby]

I understand that, however if they discovered the vulnerability and have exploited it with a proof-of-concept, Apple could state that it is actively being exploited in the wild (aka not in Apple's labs).

No.

 

[Apple Crusader]

No.

Yes.

 

[B4U]

Perhaps another question to ask is, what version of iOS contains this issue?
Let's say for example, it started in 14.2, those on 14.1 will not be affected, right?

 

[vixster1901]

I wish there were security updates Without updating me iOS. Just like macOS

 

[MacBH928]

I am glad Apple is so proactive in this area.

No way to know for sure, unless someone goes public about being exploited. I would rather stay up to date even if the chance is remote, than get complacent and possibly pay a big price down the line.

Yeah I am not saying don't , I am just saying each update there is a huge list of security patches that I never heard anyone got attacked by. Sounds more theoretical stuff. Most competent app developers keep releasing updates and patches nowdays, its what they call a "rolling-release". The software is "alive" , it evolves and changes on daily basis. No longer version upgrades...well maybe some software still do the version upgrades.

RUNNING just fine? Sure. Are they exposed to potential exploits? Yes. Does it matter? It ONLY matters if they’re attacked. Some people seem to leave their house keys under their doormats just fine, but it’s only fine until someone checks under their doormat.

Real hackers never let you know your phone was hacked.

If you're interested, you can check out Google Project Zero's blog for real cases here.

Real-world attacks aren't normally done in a manner that will tell you you've been attacked. Ransomware is an exception, and pretty much the only one that tells you "you've been hacked".
After that, its hoping malicious software scans pick up something - but anyone competent will already have verified that their code doesn't trigger those detections. Once they do, those attacks stop being used because you do not want to tip off your target that you are trying to break in.

Some attacks are after information on your device. Whether thats passwords, bank account details, or confidential information on the upcoming iPhone. So they harvest that, and stay quiet. Some attackers will even purge themselves from your system once they're done.

But many also use your device as a staging ground for attacks against other systems. Systems that may otherwise be inaccessible.
Note: Those systems don't have to be of the same type. An iOS device could be used to gain access to an internal Linux or Windows server, or the control software of a Nuclear plant.

Yeah but in my case I never been exploited and never heard of someone who did, those who did, did something stupid/ignorant like install malicious software they were tricked into it or something like that.

Back in the 90s it was a horror show and people lives were no where near dependent on computers and the internet. I remember one IM app, you could send a virus file from which the attacker can control your PC like opening CD drives and restarting your system.

Anyway to know if a hacker has been into my system since they work in the background?