Apple Urges Immediate iPhone Update to Block Active Online Hacks
There’s a new version of Apple’s iOS software for iPhone and iPad devices, and as usual, Apple is going to start pestering users to update. This time, the nagging comes with a little more urgency. According to Apple, iOS 14.4 includes several important fixes for vulnerabilities that are being actively exploited in the wild.
There are three bugs addressed in the new update: CVE-2021-1782, which is a kernel vulnerability, along with CVE-2021-1871 and CVE-2021-1870 in the WebKit browser engine. Apple notes in the security update alert that all three issues may have been “actively exploited.” That means someone other than Apple and the anonymous researcher who reported the bugs knows about them and is using them to compromise devices. How many devices? Apple won’t say. It could be a highly targeted campaign aimed at a single company or organization, or it could be widespread enough that you should avoid coffee shop Wi-Fi.
Apple is urging everyone to update to iOS 14.4 as quickly as possible. However, it has not provided any details on the nature of the bugs. While the vulnerabilities are floating around in some circles, the internet at large doesn’t know how the exploits work. The more details Apple provides, the easier it’ll be for others to figure it out. Apple will release more details “soon,” but it might be a formality at that point.
Apple (and Google, for that matter) rolls out regular patches that fix bugs and vulnerabilities, but most of the security holes are minor, or at least undisclosed. The goal is to get everyone updated before the specifics of the flaw become public. This was the case in early 2020 when Google discovered a major iOS Wi-Fi vulnerability. It was reported privately to Apple and patched before anyone could use it against iPhone owners. Well, unless you never updated, in which case, you’re in trouble. That trouble is compounded if you don’t update now.
Unfortunately, Apple’s reputation on updates isn’t as sterling as it once was. The performance and battery changes Apple made in the name of optimizing older phones got it in hot water, leading to a $500 million “Batterygate” class action judgment in 2020. The follow-on effect is that some iPhone users have learned to be distrustful of iOS updates. That’s a problem at times like this when there are critical flaws in the OS that have become the basis for damaging hacks.
Most iPhone and iPad owners should be able to get the update for their devices. Apple says iOS 14.4 compatibility goes all the way back to the iPhone 6S, iPad Air 2, iPad Mini 4, and 7th Gen iPod Touch. If you’ve got one of these devices or something newer, iOS 14.4 should be available in your settings.
Continue reading
Someone Hacked Ray Tracing Into the SNES
Surely, a game console from the 90s couldn't support ray tracing, right? Wrong. Game developer and engineer Ben Carter hacked ray tracing into the Super NES with a little help from an FPGA dev board.
Signal Founder Hacks Cellebrite’s Phone Hacking Tools
The Israeli firm recently bragged that it has helped law enforcement retrieve data from the encrypted Signal chat app. Well, Signal founder Moxie Marlinspike had something to say about that.
New ‘Morpheus’ CPU Design Defeats Hundreds of Hackers in DARPA Tests
A new CPU design has won accolades for defeating the hacking efforts of nearly 600 experts during a DARPA challenge. Its approach could help us close side-channel vulnerabilities in the future.
Knee-Deep in the LED: Hackers Get Doom Running on Ikea Smart Bulb
The devices capable of running Doom keep growing. Today's demonstration? Smart bulbs.