Apple launches iOS 14.4: fix high-risk security vulnerabilities
Apple today introduced iOS14.4 & iPadOS14.4 to supported devices. This version optimizes some functions and fixes security issues.
Improvements such as the system camera application can now recognize a smaller QR code and the new Bluetooth device classification option in the settings to connect the device faster.
At the same time, this update Apple also fixed a security vulnerability reported by anonymous researchers. It is reported that this vulnerability has been actively used by hacker groups in the wild.
If the user does not turn off the automatic update, it is expected that the device will complete the automatic update in the near future. If the automatic update is turned off, it is recommended that the user manually check and download the update.
Changelog
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A race condition was addressed with improved locking.
CVE-2021-1782: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher