iOS 14.4: Update immediately to shield against security threats

News
By
published

Apple tipped off to three iOS security bugs by an anonymous researcher

Apple iOS 14 privacy labels
(Image credit: Apple)

Apple has rolled out patches for three iOS security vulnerabilities, which are said to have been exploited by hackers in the wild.

The company was alerted to the problems via an anonymous tip and bundled the necessary fixes with the recent wider iOS 14.4 update.

The three vulnerabilities are classified as zero-days, meaning they existed in the OS for a period without a patch, and opened the door to privilege escalation and remote code execution attacks.

iOS 14 security vulnerabilities

Apple generally enjoys a stellar reputation where privacy and data security are concerned, and the company had hoped to further extend its lead at the front of the pack with its latest mobile operating system, iOS 14.

Launched in September, the OS introduced a handful of privacy-centric upgrades, including data collection summaries for each App Store app and an overhaul to the way location data is handled.

However, despite the renewed emphasis on security and privacy, a number of iOS security flaws have been identified in the last handful of months alone.

In November, researchers discovered a chain of iOS bugs that could be used for targeted exploitation. Only a month later, it emerged another flaw had been exploited to launch attacks against a series of Al Jazeera journalists.

The discovery of this latest set of zero-day security vulnerabilities, then, will serve to sow further seeds of doubt over the company’s security credentials.

According to an Apple support listing, the first of the three bugs was present in the iOS kernel and created an opportunity for attackers to elevate their privileges. The second and third were described as “logic issues” found in WebKit and allowed remote attackers to “cause arbitrary code execution”.

When chained together, it is thought the vulnerabilities could have allowed hackers to compromise the OS by luring victims to a malicious domain.

Specific details remain scant, but Apple has promised additional information will be made available soon. In the interim, iOS users are advised to update their devices as soon as possible.

Via ZDNet

TOPICS
Joel Khalili
Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

Latest in Security
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Web DDoS attacks see major surge as AI allows more powerful attacks
Polish space agency says it was hit by a cyberattack
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Latest in News
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Google Pixel 9 Pro
Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop
Bang & Olufsen Beogram 4000C Saint Laurent Rive Droite Edition
Bang & Olufsen's latest reworked turntable is a masterpiece of retro revival, in a breathtaking wooden presentation box
Apple Watch Series 10
Apple unveils new Apple Watch bands – here's what's in the Spring 2025 collection
More about security
A graphic showing fleet tracking locations over a city.

Lost & Found tracking site hit by major data breach - over 800,000 could be affected
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.

Microsoft Teams and other Windows tools hijacked to hack corporate networks
Google Gemini iPhone Lock Screen

You can now access Gemini from your iPhone's lock screen
See more latest
Most Popular
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Apple Vision Pro with Dassault Systèmes 3DEXPERIENCE platform
Dassault Systèmes teams up with Apple to use Vision Pro headsets to bring spatial CAD to life
Samsung 18.1-inch foldable OLED monitor
Samsung has launched a flexible portable monitor complete with a briefcase, one that seems to come straight from a James Bond movie
GenMachine Zhi mini pc
This is the smallest AMD PC I've ever seen: mysterious manufacturer uses Ryzen 3 APU with surprising results
Beelink ME Mini
One of our favorite mini PC vendors has launched a NAS that looks a bit like Apple's PowerMac G4 Cube PC - but way smaller
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Maserati MC20 Autonomous
This AI-driven Maserati just hit 197.7mph without a human behind the wheel
AI data center
Is Microsoft hesitating on AI? Days after CEO said it would be upping capacity, analyst claims tech giant has actually cancelled data center leases
Google Pixel 9 Pro
Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop