There’s a new version of Apple’s iOS software for iPhone and iPad devices, and as usual, Apple is going to start pestering users to update. This time, the nagging comes with a little more urgency. According to Apple, iOS 14.4 includes several important fixes for vulnerabilities that are being actively exploited in the wild.
There are three bugs addressed in the new update: CVE-2021-1782, which is a kernel vulnerability, along with CVE-2021-1871 and CVE-2021-1870 in the WebKit browser engine. Apple notes in the security update alert that all three issues may have been “actively exploited.” That means someone other than Apple and the anonymous researcher who reported the bugs knows about them and is using them to compromise devices. How many devices? Apple won’t say. It could be a highly targeted campaign aimed at a single company or organization, or it could be widespread enough that you should avoid coffee shop Wi-Fi.
Apple is urging everyone to update to iOS 14.4 as quickly as possible. However, it has not provided any details on the nature of the bugs. While the vulnerabilities are floating around in some circles, the internet at large doesn’t know how the exploits work. The more details Apple provides, the easier it’ll be for others to figure it out. Apple will release more details “soon,” but it might be a formality at that point.
Apple (and Google, for that matter) rolls out regular patches that fix bugs and vulnerabilities, but most of the security holes are minor, or at least undisclosed. The goal is to get everyone updated before the specifics of the flaw become public. This was the case in early 2020 when Google discovered a major iOS Wi-Fi vulnerability. It was reported privately to Apple and patched before anyone could use it against iPhone owners. Well, unless you never updated, in which case, you’re in trouble. That trouble is compounded if you don’t update now.
Unfortunately, Apple’s reputation on updates isn’t as sterling as it once was. The performance and battery changes Apple made in the name of optimizing older phones got it in hot water, leading to a $500 million “Batterygate” class action judgment in 2020. The follow-on effect is that some iPhone users have learned to be distrustful of iOS updates. That’s a problem at times like this when there are critical flaws in the OS that have become the basis for damaging hacks.
Most iPhone and iPad owners should be able to get the update for their devices. Apple says iOS 14.4 compatibility goes all the way back to the iPhone 6S, iPad Air 2, iPad Mini 4, and 7th Gen iPod Touch. If you’ve got one of these devices or something newer, iOS 14.4 should be available in your settings.
Google Finds Zero-Day Vulnerability in Chrome, Urges Immediate Updates
If you haven't let Chrome update recently, take the time to do it now.