Apple released iOS 14.4 on Tuesday with multiple bug fixes and software improvements. It also contained a security update to fix three flaws that Apple said hackers were actively exploiting. A list of Apple security updates can be found on this support page.
iOS 14.4 Apple Security Update
Tracked as CVE-2021-1870, CVE-2021-1871, and CVE-2021-1782, they affect different parts of the iOS operating system. 1870 and 1871 involve WebKit, the browser engine used by Mail and Safari. A bug within WebKit could allow an attacker to remotely run malicious code on a target device.
Meanwhile, 1782 was a flaw within the iOS kernel, which is the core of the operating syste and controls all other aspects of the OS. Using this flaw an attacker could give an iOS app additional privileges. This means giving the app more capabilities than it was originally created with. PCMag concluded that attackers were “chaining” these flaws together to spread malware to Apple users.
All three flaws affected iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation). This Apple security update was reported by a security researcher who wished to remain anonymous.