Apple released iOS 14.4 in the early evening and this update fixes three security vulnerabilities, in addition to fixing bugs. It turns out that the three flaws have already been exploited by hackers.
Apple announces it on its assistance sheet referring to the three security flaws fixed with iOS 14.4. The first concerned the kernel, namely the very heart of the operating system. “A malicious application may be able to elevate privileges. Apple is aware of a report according to which this problem has been actively exploited “, indicates the manufacturer.
The other two flaws were in WebKit, the Safari browser rendering engine. “A remote attacker may be able to trigger arbitrary code execution. Apple is aware of a report that this problem may have been actively exploited ”, says Apple in its note.
So you get it: it is better to quickly update to iOS 14.4 to plug the three security holes. Their references are CVE-2021-1782, CVE-2021-1871 and CVE-2021-1870.
Apple specifies that it was warned of their existence thanks to an “anonymous researcher”. We don’t know more yet. But Apple promises to share more details soon. The group is certainly expecting the majority of users to install iOS 14.4.