iPhone Security Alert: Update to iOS144 now

iPhone Security Alert: Update to iOS144 now

Apple's iOS 144 and iPadOS 144 were released today (January 26) If you have an Apple device running either iOS 14 or iPadOS 14, an update is recommended These patches fix three security flaws that may be actively exploited by unknown attackers

Apple's security bulletin states that the update fixes a kernel flaw (CVE-2021-1782) and two flaws in the WebKit browser rendering engine that powers Safari (CVE-2021-1870 and CVE-2021-1871) The company states

In both cases, Apple says it is "aware of reports that the issue may have been actively exploited" and refers to the discovery of the flaws as "anonymous researchers"

The kernel flaw is the result of a race condition, whereby a malicious command tries to beat an authorized command to the next step in the process, allowing privilege escalation

The WebKit bug is the result of a "logic problem," meaning almost anything that allows "remote attackers" to "execute arbitrary code," or malware, via the Internet

So far, this is all we know Nothing is known from the CVE (Common Vulnerabilities and Exposures) list of these bugs We don't know who found them, who is using them, how they are attacking iPhones, or even what they do when they succeed Apple has promised to provide "additional information soon"

If it is any consolation, most of the iOS security flaws that have been shown to have been exploited "in the wild" over the past few years have only been used in targeted attacks against specific persons or groups

It doesn't help if you are a celebrity, work in the defense or media industries, or are a political dissident in an oppressive country

Categories