- iOS 14.4 rolled out on Tuesday, January 26, 2021 and in addition to new features and bug fixes, it also patches three security flaws that Apple reports may have been actively exploited.
- One of the security flaws affected the kernel, and two others affected the Safari WebKit engine.
- If you own an iPhone or iPad that can run iOS 14.4 or iPadOS 14.4, download the update now.
Apple reports:
iOS 14.4 and iPadOS 14.4
Released January 26, 2021
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A race condition was addressed with improved locking.
CVE-2021-1782: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
How to Upgrade
Keeping your software up to date is one of the most important things you can do to maintain your Apple product’s security.
- The latest version of iOS and iPadOS is 14.4. Learn how to update the software on your iPhone, iPad, or iPod touch.
- The latest version of macOS is 11.1. Learn how to update the software on your Mac and how to allow important background updates.
- The latest version of tvOS is 14.4. Learn how to update the software on your Apple TV.
- The latest version of watchOS is 7.3. Learn how to update the software on your Apple Watch.
Note that after a software update is installed for iOS, iPadOS, tvOS, and watchOS, it cannot be downgraded to the previous version.
