Apple has released iOS 14.4 with security fixes for three vulnerabilities, said to be under active attack by hackers.
The technology giant said in its security update pages for iOS and iPadOS 14.4 that the three bugs affecting iPhones and iPads “may have been actively exploited.”
Details of the vulnerabilities are scarce, and an Apple spokesperson declined to comment beyond what’s in the advisory.
It’s not known who is actively exploiting the vulnerabilities, or who might have fallen victim. Apple did not say if the attack was targeted against a small subset of users or if it was a wider attack.
Apple granted anonymity to the individual who submitted the bug, the advisory said.
Cybereason chief security officer Sam Curry said: “Apple admitting to iPhone security vulnerabilities is about as rare as someone getting struck by lightning. So kudos for them for releasing iOS 14.4 with patches for the three identified bugs. What we won’t know for some time is how widespread the threat is.
“That information is reportedly forthcoming. I say to Apple, don’t stop there as transparency is extremely important because you are one of the largest companies in the world and tens of millions of people trust you to get trust right. Dig deeper into the current investigation and come up with new countermeasures and controls.
“There isn’t a big screen with green and red settings that flip from all good to all bad. As with most things in life, cyber doesn’t work that way. Also, keep in mind that history and the public will judge you quite harshly and probably unfairly. Security is a job of doing the best we can and then keep doing better. So keep going and err on the side of protecting users, data, privacy and fighting the good fight with the rest of the security community”
