News, Culture & Society

Apple releases iOS 14.4 to fix three flaws that ‘may have been actively exploited’ by hackers

Update your iPhone NOW! Apple releases iOS 14.4 to fix three vulnerabilities that ‘may have been actively exploited’ by hackers

  • Apple released a new version of its operating system to fix three bugs
  • The flaws were found in Kernel and Webkit by ‘anonymous researchers’
  • The new iOS 14.4 also fixes keyboard lag and lets devices read smaller  QR codes

Apple is urging users to update devices with the latest iOS 14.4 to fix three security vulnerabilities that ‘may have been actively exploited’ by hackers.

The tech giant released a statement on its Apple Support page that shows two bugs were identified in Webkit, the browser engine that powers Safari and one in the core operating system, Kernel.

The Kernel flaw was described as a ‘race condition’ that can allow malicious applications to elevate privileges, but the update fixes it with ‘improved locking.’

Vulnerabilities in WebKit have been rectified with improved restrictions, but without the update hackers could remotely access devices ‘to cause arbitrary code execution,’ Apple states.

 

Apple is urging users to update devices with the latest iOS 14.4 to fix three security vulnerabilities that ‘may have been actively exploited’ by hackers. The update can be accessed in Settings, General and then Software Update

Apple rarely announces issues with its systems that could be used by bad actors in malicious activity, but the tech giant is open to receiving reports from others who find a security of privacy vulnerability.

The firm’s site shows an ‘anonymous researcher’ spotted the flaws codenamed ‘CVE-2021-1782,’ ‘CVE-2021-1871’ and ‘CVE-2021-1870.’

Along with fixing the bugs, iOS 14.4 includes other updates for keyboard lag and allows devices to read smaller QR codes.

Apple does pride itself on a security system, but that does not mean the technology is immune to problems.

The tech giant released a statement on its Apple Support page that shows two bugs were identified in Webkit, the browser engine that powers Safari and one in the core operating system, Kernel

The tech giant released a statement on its Apple Support page that shows two bugs were identified in Webkit, the browser engine that powers Safari and one in the core operating system, Kernel

In 2019, Google’s Project Zero found several vulnerabilities in iMessage, with some allowing hackers to send malicious codes via text that granted them access to the device when opened.

Other bugs leveraged a flaw in iOS memory and allowed attackers to hoover data from the phone onto a remote device.

And a few months later, Google’s research group uncovered an ‘indiscriminate’ hacking operation that targeted iPhones used websites to implant malicious software to access photos, user locations and other data.

‘Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,’ said Project Zero’s Ian Beer.

However, Apple responded to the report by calling it misleading and inaccurate.

Apple spokesman Fred Sainz said in a statement the research released by Google created a ‘false impression’ that large numbers of iPhone users may have been compromised.

Sainz said that contrary to what Google claimed, the incident was a ‘narrowly focused’ attack which affected ‘fewer than a dozen websites that focus on content related to the Uighur community, an ethnic minority in China.

Apple recently shared another warning regarding its iPhone 12, which notifies users with pacemakers not to bring their iPhone close to their breast.

The Kernel flaw was described as a ‘race condition’ that can allow malicious applications to elevate privileges, but the update fixes it with ‘improved locking.’ Vulnerabilities in WebKit have been rectified with improved restrictions, but without the update hackers could remotely access devices ‘to cause arbitrary code execution'

The Kernel flaw was described as a ‘race condition’ that can allow malicious applications to elevate privileges, but the update fixes it with ‘improved locking.’ Vulnerabilities in WebKit have been rectified with improved restrictions, but without the update hackers could remotely access devices ‘to cause arbitrary code execution’

The firm’s latest devices feature a technology called MagSafe, which uses in-built magnets to firmly attach accessories like wireless chargers and wallets to the back of the phones.

iPhone 12 devices, released in October last year, also contain components and radios that emit electromagnetic fields.

Apple confirmed the risk applies to all iPhone 12 models – iPhone 12, iPhone 12 mini, iPhone 12 Pro, iPhone 12 Pro Max – and the two MagSafe chargers, the MagSafe Charger and the foldable MagSafe Duo Charger.

Read more at DailyMail.co.uk