Apple has just released iOS 14.4 and iPadOS 14.4, and the update notes contain some worrisome language (via) Techcrunch) Belongs to. Under the kernel update, Apple notes that “malicious applications may be able to extend privileges,” and under the WebKit update, it states that “a remote attacker may cause arbitrary code execution.” After both statements, the update notes, “Apple knows of a report that the issue may have been actively exploited.”
This broadly means that you should update your iOS devices as soon as possible. To put the language simply: Apple found a security hole in its operating system, and there is also evidence that someone may have exploited it. There are no further details in the update notes, so for now, we have no idea who would have used the security breach or what they would be using it for.
Although it was used, security breaches are not minor. Being able to extend privileges means that it can do things it is not capable of doing. Again, there is no description, but broadly, this means that a malicious app could bypass some of Apple’s security protections.
WebKit exploitation is no better. A remote attacker can lead to arbitrary code execution, this means that an attacker can do things on your phone from which you control a website.
This is not to say that it is time to go into total cyber-lockdown mode, but it does mean that 14.4 is not an update you want to turn off for a while. In the meantime, Apple says it will provide additional details soon, so we’ll keep an eye out for more details on the adventures.