IOS 14.4 was released yesterday and has some new features and improvements, but even if you do not care about the news and usually wait a bit to install updates, we recommend that you install this update as soon as you can.
It turns out that Apple in the update has blocked three security flaws that were already in use by hackers to get into the Iphone. This applies to a bug in the kernel and two in Webkit, the html engine used both in Safari and all other apps that display html content on iOS. The kernel bug can lead to root permissions and the Webkit bugs cause arbitrary code to run – for example, the code required to exploit the kernel bug.
IN the article on security content in iOS 14.4 and Ipad OS 14.4, Apple writes that it is aware of a report that the bugs are being actively exploited. Apple thanks an anonymous security researcher for the tips for all three bugs. The company also writes that further details will be published soon.
It is common for jailbreak techniques and other methods that bypass all protection in iOS to exploit bugs in various system components to gradually get deeper into the system, and there are many indications that these three bugs have been part of just such a chain attack. Given that the external bugs are in Webkit, there is a risk that they can only be exploited by someone visiting a specially designed website.
We therefore recommend all Iphone and Ipad users to update to 14.4 immediately.