Apple warned about iOS 14 and iPadOS 14 security bugs

Apple recently discovered three new security bugs of iOS 14 and iPadOS 14 that opened a backdoor for hackers. The updates about vulnerabilities published on Apple’s Security Update page. As it is a critical security loophole, Apple hasn’t disclosed full details about the compromised part of iPadOS and iOS 14. But Apple released new iOS 14.4 and iPadOS 14.4 as part of security patches update.

Affected devices due to the iOS 14.4 and iPadOS 14.4 security bugs:

Apple confirmed the list of devices got affected by these vulnerabilities as below.  And if you are the user of one of these devices, please update your iPhone or iPad with iOS 14.4 and iPadOS 14.4 ASAP. But keep in mind that it’s not yet 100% secure and Apple will update once security bugs fully patched.

  • iPhone 6S and later
  • iPad Air 2 and later
  • iPad Mini 4 and later
  • iPod Touch (7th Gen)

The security bugs on iOS 14:

There were three security bugs found in iOS 14 where one in the OS kernel allowed hackers to exploit and elevate privileges. Apple found other two security bugs in the WebKit, which allowed attackers to execute malicious code via the Safari browser. All three security bugs could get access to your iPhone or iPad and possibly abstract the sensitive information.

Below is the information about iPadOS and iOS 14 security bugs published by Apple.

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A race condition was addressed with improved locking.

CVE-2021-1782: an anonymous researcher

Apple warned about iOS 14 and iPadOS 14 security bugs - iPhone - iPad Hacked

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A logic issue was addressed with improved restrictions.

CVE-2021-1871: an anonymous researcher

CVE-2021-1870: an anonymous researcher

Other improvements on iOS 14.4:

Apart from the security patches, Apple has improved other bugs on iOS 14.4 for better user experience. The full iOS 14.4 update information available on Apple’s Release Notes. However, we have listed all the points below from Apple’s iOS 14.4 update page.

The iOS 14.4 update resolves issues like Apple fitness widget data updates, Typing delay, Smaller QR Code recognition and more. The full list of improvements on iOS 14.4 is as below, and similarly, Apple fixes the iPadOS 14.4 issues.

  • Smaller QR codes can be recognized by Camera
  • Option to classify Bluetooth device type in Settings for correct identification of headphones for audio notifications
  • Notifications for when the camera on your iPhone is unable to be verified as a new, genuine Apple camera in iPhone 12, iPhone 12 mini, iPhone 12 Pro and iPhone 12 Pro Max

This release also fixes the following issues:

  • Image artifacts could appear in HDR photos taken with iPhone 12 Pro
  • Fitness widget may not display updated Activity data
  • Typing may be delayed and word suggestions may not appear in the keyboard
  • The keyboard may not come up in the correct language in Messages
  • Audio stories from the News app in CarPlay may not resume after being paused for spoken directions or Siri
  • Enabling Switch Control in Accessibility may prevent phone calls from being answered from the Lock Screen

Final Thought:

Apple improved lots of privacy features on iOS 14 that enhances the security of iPhone and personal data. But technology may leave few loopholes behind that attract the hackers and these three security bugs of iOS 14, and iPadOS 14 seems one of those. So updating your iPhone or iPad with latest iOS 14.4 and iPadOS 14.4 respectively resolve the many issues including security bugs.

We always recommend to update your system with security patches, doesn’t matter either it’s a phone or computer. But sometimes it will be beneficial if you wait till the new version of OS getting stable updates.