In a surprising admission, Apple says it’s sending out an update for iOS and iPadOS to fix vulnerabilities that hackers are actively abusing. According to Apple, the bugs allowed remote actors to “cause arbitrary code execution,” which is a serious issue. You should update your devices to iOS and iPadOS 14.4 as soon as possible.
The news comes via Apple’s support page for iOS 14.4. In it, Apple states under the Kernel and WebKit sections:
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
It isn’t uncommon for companies to realize potential vulnerabilities may exist and close those holes. But it’s rare to see Apple admit it didn’t catch the problem before hackers started abusing the bug. Precisely what the bad actors have accomplished isn’t clear, but the ability to execute arbitrary code is cause for alarm.
Unfortunately, we know very little, as Apple didn’t provide any details. We can’t be sure how many people were affected or what the hackers managed to accomplish. With the right chain of events, it could be very bad, but it’s just as possible that the overall effect is relatively benign. All things considered, though, the former is much more likely, especially given that there are multiple vulnerabilities that could be used in tandem.
Apple says it will release more details later, and that’s likely to be sometime after 14.4 is widely adopted. Providing more information now could give other hackers the means to reproduce the vulnerability before everyone is protected.
If you have an iPhone 6s or later, iPad Air 2 or later, iPad mini 4 or later, or iPod touch (7th generation), check for updates right now. Or, if you’re not on Wi-Fi, get the update as soon as you can. Better safe than sorry.