[ad_1]
Apple released the updates to iOS 14.4 and iPadOS 14.4 on Tuesday after an anonymous researcher found that attackers could remotely hack into certain iPhones, iPads, and iPods.
On the company’s support page, Apple outlined two security threats that have since been fixed in the latest operating system update, version 14.4. Both security threats, Apple said, may have already been exploited.
The company explained that a vulnerability, which is linked to the web browser’s rendering engine, WebKit, can allow hackers to access a device remotely.
Katie Moussouris, CEO and founder of cybersecurity firm Luta Security, said that means an attacker could control a user’s phone. “You turned that device into zombies,” he said. “You are controlling it from a distance.”
And since the threat is tied to Internet browsing, he noted, “Your regular web browsing can make you look compromised, without having to do much more,” he said. “And that is a problem”.
A second security threat that Apple described involves a “rogue application” that can elevate user privileges. In theory, Moussouris said, a malicious actor could exploit this with an app. “It is possible that a vector is, almost like the sleeping cell of an application,” he said. “If you are vulnerable, try to exploit it.”
This threat is known as a kernel vulnerability. “Kernel vulnerabilities, just by their nature, are going to be more serious.” Moussouris said: “[The kernel] it is part of the brain of the operating system. It’s supposed to be the most protected … Sure, you know this is a serious problem. “
Apple said they fixed the problem in their latest operating system update and encouraged iOs and iPadOS users to update their devices. The site’s security update page states, “Keeping your software up to date is one of the most important things you can do to keep your Apple product safe.”
Moussouris said that users should update their operating systems as quickly as possible. “The window of exposure for consumers is between when a patch is available and when they actually apply that patch,” he said, noting that Apple doesn’t always make updates automatic.
“Apple needs to enter a modern era of transparency around security vulnerabilities and make it a lot easier,” Moussouris said, “for the average person to set it up, forget it, and have a lot more automation.”
Apple declined to offer additional comment on the security vulnerability.
