Apple has released a crucial update for iOS and iPadOS to patch three major security vulnerabilities that may have been actively exploited by hackers. We urge all iPhone and iPad users to update their operating systems to iOS 14.4 and iPadOS 14.4 immediately to ensure their devices are secure and adequately protected from these vulnerabilities.
The iPhone maker released a support document detailing the bugs and their impacts on users. One bug in particular affected the Kernel (essentially the heart of the operating system) and could have allowed a malicious application to elevate privileges. The other two bugs affected the WebKit (the web browser engine that powers Apple's Safari browser and other apps) and could have given a remote attacker the ability to execute arbitrary code.
Apple noted in its documentation that anonymous researchers had discovered all three vulnerabilities, and the tech giant conceded that the bugs could have already been "actively exploited" by malicious actors. Additional details regarding the vulnerabilities and what actors may have specifically targeted and when are unknown, but Apple's acknowledgment that the vulnerabilities may have been exploited is a clear signal the situation had been serious and the risk to users substantial.
Patching vulnerabilities is common in OS updates. However, typically, those vulnerabilities are discovered internally, and patched before they have been exploited in the wild. Evidently, that was not the case here, and the vulnerabilities were left exploitable for malicious actors who could have had the capacity to access iOS users' operating systems.
Theoretically, an attacker could have used the three vulnerabilities in conjunction with one another to first target the bugs in the WebKit as a way of then exploiting the bug in the Kernel to gain access to a user's operating system.
Though it is not known which iOS or iPadOS users may or may not have (as yet) been affected by the exploits, it is now clear that anyone with an iPhone or iPad not running iOS version 14.4 or iPadOS version 14.4 is still vulnerable to the exploits outlined in Apple's support document. It is, therefore, crucial that all iPhone and iPad users update their operating systems to version 14.4 as soon as possible.
To update iOS or iPadOS, users can follow these steps:
- Go to "Settings" (the cog icon).
- Select "General" from the available options.
- Tap on "Software Update".
- Hit "Download and Install" to start updating your OS.
As long as iPhone and iPad users have updated their devices to version 14.4, it will protect their devices from the exploits outlined above, so it is absolutely vital to update as soon as possible.
Enable automatic updates
Users can also enable automatic updates by tapping on "Automatic Updates" and toggling "Download iOS Updates" and "Install iOS Updates" to the 'On' position. Doing this will enable the user's device to download and install iOS and iPadOS updates automatically when the user's device is connected to WiFi. The updates are typically carried out overnight when the user has the device charging and connected to WiFi.
Apple's announcement regarding these exploits not only emphasizes the severity of the vulnerabilities the researchers discovered but also underscores the importance of keeping devices updated with the latest security patches and highlights the fact that even devices known for their security can be vulnerable to exploits.