- The bug allows malicious applications to grant privileges to hackers.
- Apple acknowledged the security issue and fixed it in this update.
- Some efficient exploits use sets of vulnerabilities chained together.
Apple has just launched iOS 14.4, iPadOS 14.4, watchOS 7.3, HomepodOS 14.4, and tvOS 14.4. The new update comes with some troubling language in the notes. Under kernel updates, Apple notes that “a malicious application may be able to increase privileges,” and under WebKit updates it says “a remote attacker may be able to trigger arbitrary code execution.” After both statements, the update notes say, “Apple is aware of a report that may have actively exploited this issue.”
The technology giant said in its security update pages for iOS and iPadOS 14.4 that the three flaws affecting iPhones and iPads “may have been deliberately exploited.” An Apple spokesperson refused to comment beyond what is in the advisory.
Who may have fallen prey?
However, Apple did not say much about the exploit. It is unknown if the attack was aimed against a specific subset of users or if it was a larger attack. Apple granted the individual who submitted the bug anonymity. Who is actively exploiting the vulnerabilities is not known yet.
Broadly, what this suggests is that you should update your iOS devices as soon as possible. To put the language in simple terms: Apple has discovered a security vulnerability in its operating systems, and it also has proof that it might have been abused by someone. There is no more information in the update notes, so we don’t know right now who may have used the security breach or what they may have been using it for.
Two of the bugs were identified in WebKit, the browser engine that drives the Safari browser, and the other in the kernel, the core of the operating system. Some efficient exploits use sets of vulnerabilities chained together rather than a single vulnerability. It is not unusual for attackers to first target vulnerabilities in a computer's browser, especially as a way to get access to the underlying operating system.
Apple’s Response to the Threat
Apple said that there would be additional information available shortly, but did not specify when. It’s a rare admission by Apple, which prides itself on its security image, that its customers might be under active attack by hackers.
In 2019, Google security researchers discovered a variety of malicious websites laced with code. These sites quietly hacked the iPhones of victims. The attack was part of an attempt to spy on Uyghur Muslims, possibly carried out by the Chinese government. Apple rejected some of Google’s accusations and received huge criticism for underplaying the seriousness of the attack.
Internet watchdog Citizen Lab discovered some shocking facts last month. A previously unknown vulnerability was used to hack the iPhones of hundreds of journalists. The Israel-based NSO Group created the spyware. iPhone and iPad users should upgrade to iOS 14.4 as soon as possible.