Apple releases iOS 14.4 to fix three security bugs that ‘may have actively been exploited’

iPhone and iPad users have been advised to update their device to the latest operating system, iOS14.4, immediately, owing to three security bugs “that may have actively been exploited” by hackers.

The latest iOS was released last week, and fixes a kernel vulnerability and two WebKit vulnerabilities which have been exploited.

WhatsApp hacking incidents have been on the rise, with Malta’s cybersecurity agency warning of a “dangerous hack that could let cybercriminals access your messages and your contacts”.

The agency warned:

“The hacker will pretend he is a friend and asks you to pass on the verification code you received on your mobile.

“Do not answer! This code is only given when you try and make changes to your account. You should never share security codes with anyone.

“If you do, the hacker will be able to take over your account.

“You’ll no longer have access to your account and the hacker can try and scam your friends as well.

“If you do get a suspicious message from a friend, try ringing them to see if you can talk to them in person and verify what is going on.”

While the agency does not specify that the issue is related iPhone users in particular, anecdotal accounts by apple users have reported an increase in WhatsApp and phone hacking.

In its update, Apple says that iOS 14.4 patches a security issue in the kernel affecting iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch – 7th generation.

Apple only provides a brief description of the details:

Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A race condition was addressed with improved locking.

With regards WebKit vulnerabilities, which is the browser engine used by Safari, security issues are impacting the aforementioned devices. Apple here also gives a brief description of the details:

Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A logic issue was addressed with improved restrictions.

As TechCrunch highlights, it is not usual for Apple to denote that a security vulnerability “may have been actively exploited.” The company did not provide any information on who might have fallen victim.

The perpetrators behind the attacks are not known, or who may have fallen victim. The company also did not say if the attacks have been targeted towards a small group of users, or if issues are widespread.

Apple says that additional details about these vulnerabilities will be provided in the future, but no additional information is currently available. The company reported that all three vulnerabilities were reported by anonymous security researchers.

iOS 14.4 is available to users via an over-the-air update in the Settings app.