iOS 14.4 Patches Vulnerabilities That May Have Been Actively Exploited
Apple today released iOS 14.4 and iPadOS 14.4, and along with a handful of minor new features, the software introduces security fixes for three vulnerabilities that may have been used in the wild.
According to a security support document shared by Apple, there were kernel and WebKit vulnerabilities affecting all iPhones and iPads running iOS or iPadOS 14. The kernel vulnerability could allow a malicious application to elevate privileges, and Apple says it is aware of a report that the issue may have been actively exploited.
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A race condition was addressed with improved locking.
CVE-2021-1782: an anonymous researcher
Apple also says a WebKit issue that allowed for a remote attacker to cause arbitrary code execution may have been actively exploited.
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
There is no other information available at this time, but Apple's support document says that additional information will be "available soon."
Given that significant vulnerabilities are patched in the iOS 14.4 and iPadOS 14.4 updates, those running iOS 14 should update as soon as possible.
Popular Stories
Apple does not approve of the "Hot Tub" pornography app that was released for the iPhone in the EU using alternative app distribution, Apple said in a statement to MacRumors. Further, Apple is concerned about the potential user safety risks with a pornography app, and says that it undermines consumer trust in the Apple ecosystem.
We are deeply concerned about the safety risks that hardcore...
Apple today announced the launch of a new app called "Invites," which is designed to allow users to plan events like birthday parties, graduations, vacations, baby showers, and more.
"With Apple Invites, an event comes to life from the moment the invitation is created, and users can share lasting memories even after they get together," said Brent Chiu-Watson, Apple's senior director of...
Apple previously teased that Powerbeats Pro 2 would be released in 2025, and now an announcement date has leaked. Bloomberg's Mark Gurman today said Apple plans to unveil the wireless earbuds on Tuesday, February 11.
Powerbeats Pro 2 will be priced at $250 in the U.S., he said.
Powerbeats Pro are a sportier, fitness-focused alternative to AirPods Pro with built-in, adjustable ear hooks...
Starting next week, Apple's retail stores will no longer offer AppleCare+ plans as a one-time purchase, according to Bloomberg's Mark Gurman.
Instead, he said the stores will only offer AppleCare+ as a subscription. For example, AppleCare+ for the iPhone 16 Pro Max costs $9.99 per month, or $199 upfront for two years. The latter option would no longer be available at Apple's stores....
As early as this week, Apple plans to introduce a new iCloud-based service for event invites, according to Bloomberg's Mark Gurman.
In his Power On newsletter, Gurman said the new service is codenamed "Confetti" within Apple. He said the service will offer users a "new way to invite people to parties, functions, and meetings." He did not say if this functionality would be available through a ...
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices.
iPhone 17 Pro concept based on rumors
Below, we recap key changes rumored for the iPhone 17 Pro models as of January 2025:
More aluminum: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models ...
Update: The new Apple Invites app has officially been announced.
The main iCloud.com page has seemingly confirmed Apple's rumored invites tool, which has yet to be officially announced by the company.
The page says "Apple Invites" will be an iCloud+ feature:Upgrade to iCloud+ to get more storage, plan events with Apple Invites, and have peace of mind with privacy features like iCloud...
In the European Union, the Digital Markets Act allows developers to distribute iOS apps through alternate app stores. While Apple checks those apps for malware and other malicious content, there are few restrictions on subject matter, unlike Apple's own App Store. As a result, EU users can now download the first dedicated native pornography app created for the iPhone.
Called Hot Tub, the app ...
