Apple is urging iPhone and iPad users to promptly update their operating systems to fix security bugs that may have already been exploited by hackers. Therefore, it has rolled out iOS 14.4 and iPadOS 14.4 for supported iPhones, iPads, and iPod Touch devices.
The updates are available for the following Apple devices:
- iPhone 6s and later
- iPad Air 2 and later
- iPad mini 4 and later
- iPod touch (7th generation)
On its support webpage, the company said three security flaws “may have been actively exploited.” It did not reveal too many specifics about the bugs, though Apple said it would share additional details on these vulnerabilities soon, noting “Apple does not disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”
The issue is a link in an exploit chain, meaning a hacker would need to exploit further bugs for it to be fully executable. The company declined to comment further on any attacks. The company pushed out the security patches on Tuesday as part of its new iOS 14.4 software, which also includes fixes for keyboard lag and allows smaller QR codes to be read by the camera.
Apple said two security issues stem from its WebKit, an open source browser engine used by Safari and iOS browsers. “A remote attacker may be able to cause arbitrary code execution,” the company said in the description notes. Meanwhile, Kernel, an Apple developer framework, was also affected. The exploits were reported by “an anonymous researcher,” according to the webpage.
Apple prides itself on device security but it’s not immune to exploits. Last year, Google researchers found several websites with code that allowed hackers to quietly infiltrate iPhones. Meanwhile, an iOS13 bug exposed contact details stored in iPhones without requiring a passcode or biometric identification — a flaw that the company did not publicly address until several months after it was first reported.
New features and fixes
Aside from the security patches, improvements to iOS 14.4 and iPadOS 14.4 also include the ability for the camera to recognise smaller QR codes, and an option to classify Bluetooth device type in Settings for correct identification of headphones for audio notifications.
iOS 14.4 will now notify users of the iPhone 12, iPhone 12 mini, iPhone 12 Pro, or iPhone 12 Pro Max if the camera installed on their device cannot be verified as a new, genuine Apple product. In addition, Apple has fixed issues related to the keyboard for both iOS 14.4 and iPad OS 14.4. This includes a delay in typing and word suggestions not appearing, and the incorrect language coming up for the keyboard in Messages.
Other issues fixed in iOS 14.4 are:
- Image artifacts could appear in HDR photos taken with iPhone 12 Pro.
- Fitness widget may not display updated Activity data.
- Audio stories from the News app in CarPlay may not resume after being paused for spoken directions or Siri.
- Enabling Switch Control in Accessibility may prevent phone calls from being answered from the Lock Screen.
Apple has also launched watchOS 7.3 for the Apple Watch Series 3 and later. It features the new Unity watch faces, several bug fixes, a new Time for Walk feature, and support for ECG in more countries.