Apple just released iOS 14.4 and iPadOS 14.4, and the update notes contain worrying language (via TechCrunch) In kernel updates, Apple notes that “a malicious application may be able to elevate privileges” and, in WebKit updates, says that “a remote attacker can cause arbitrary code execution”. After both statements, the update notes say: “Apple is aware of a report that this problem may have been actively exploited”.
What this generally means is that you should update your iOS devices as soon as possible. To put the language in simple terms: Apple found a security hole in its operating systems and also has evidence that someone may have exploited it. The update notes have no further details, so for now, we don’t know who may have used the security breach or what they might be using it for.
Regardless of how it was used, security breaches are not minor. An application capable of elevating privileges means that it can do things that should not be done. Again, there is no detail, but generally speaking, it means that a malicious application may have bypassed some of Apple’s security protections.
The WebKit exploit is no better. A remote attacker, being able to cause arbitrary code execution, means that an attacker can do things on your phone just by visiting a website that he controls.
This is not to say that it is time to enter full cyber-lock mode, but it does mean that 14.4 is not an update that you want to postpone for a while. In the meantime, Apple says it will provide additional details soon, so we’ll be on the lookout for more information on exploits.