TechBriefly
  • Tech
  • Business
  • Crypto
  • Science
  • Geek
  • How to
  • About
    • About TechBriefly
    • Terms and Conditions
    • Privacy Policy
    • Contact Us
    • Languages
      • 中文 (Chinese)
      • Dansk
      • Deutsch
      • Español
      • English
      • Français
      • Nederlands
      • Italiano
      • 日本语 (Japanese)
      • 한국인 (Korean)
      • Norsk
      • Polski
      • Português
      • Pусский (Russian)
      • Suomalainen
      • Svenska
  • FAQ
    • Articles
No Result
View All Result
 Hot Topics:
  • Funny notes on Instagram
  • What is Snapchat planets order?
  • Best free AI art generators
  • Instagram Notes ideas
  • Elon Musk & Twitter
TechBriefly
No Result
View All Result
Home Tech Security

iOS 14.4 fixes three security flaws that Apple believes could have been exploited

by Jawad Wallace
27 January 2021
in Security, Tech
Reading Time: 2 mins read
iOS 14.4 fixes three security flaws that Apple believes could have been exploited
Share on FacebookShare on Twitter

With yesterday’s release of iOS 14.4 and all other operating systems, Apple has included its typical bug fixes. However, Apple acknowledges that iOS 14.4 fixes three security bugs that the company says “could have been actively exploited.” This is the first time Apple has explicitly acknowledged closing a security flaw that could have been exploited in a malicious attack.

Safari and Kernel bugs have been fixed by iOS 14.4

In the iOS 14.4 security document here, you can see the description of the three bugs fixed with the update. They are as follows:

CVE-2021-1782: a malicious application can gain access to elevated privileges in the Kernel.
CVE-2021-1870 and CVE-2021-1871: a remote attacker can cause the execution of arbitrary execution code in Webkit.

The Kernel is a fundamental part of the operating system that allows the rest of the software to access the hardware. Webkit is the browser engine developed by Apple for Safari, which is used on both macOS and iOS. Often, a hacker will use multiple bugs in a chain to gain access to a device. In this case, we have two “keys” to get in and a “door” to access with them.

It is unknown if it has been used against one or more users or if it has been exploited on a large scale. However, the security note itself states that “additional details will be available soon”.

An anonymous researcher could be rewarded

In the security notes for a new software release, Apple usually indicates the person or team that found it. If no direct attribution appears, it is assumed that it was fixed by their own team. But in this case, the three bugs are attributed to “an anonymous researcher”.

In the world of hardware and software security, it is common practice to publicize such bugs publicly, once the company has been contacted and the bugs have been fixed. In this way, you gain relevance and prestige among peers, as if it were a new resume line. This is why the anonymity of the person or group that made the three errors known is even more striking.

It is worth remembering that each update fixes bugs, in some cases major ones, that help to protect the security of our devices.

It is not the first time that security bugs that have been exploited maliciously have been discovered. One of the most notorious cases was Pegasus, a set of three bugs that also allowed access to the Kernel. They were used by the United Arab Emirates to spy on a political dissident in the country, being fixed by Apple in summer 2016.

Apple launched a rewards program some time ago, where it awards monetary prizes to those who manage to crack the security of its devices. Prizes range from 100,000 USD for bypassing the lock screen, to 1 million USD for managing to execute code in the Kernel without clicks.

Of course, the anonymous tipster could well pocket a few hundred thousand dollars for those three bugs. We’ll see if we find out more about this in the coming weeks.

Tags: ApplebugfeaturedfixiPhonepatchsecuritysmartphone

Related Posts

Samsung Galaxy Book 3 was also revealed at the Unpacked 2023 event, and we gathered the specs, price, and release date in this article.

Samsung Galaxy Book 3: Specs, price, and release date

ChatGPT Plus

ChatGPT Plus is out for those who seek perfection

netflix anti password sharing new netflix rules

The new Netflix rules were not well received on social media

The middle kid of the S23 family, all the information you need about Samsung Galaxy S23 Plus is here, including its specs, price, and release date.

Samsung Galaxy S23 Plus: Specs, price, and release date

POPULAR

Soldier poet king quiz TikTok
Social Media

Soldier poet king quiz: TikTok trend explained

ChatGPT is at capacity right now: Too many requests in 1 hour try again later (Fixed)
How to

Too many requests in 1 hour try again later (Fixed): ChatGPT is at capacity right now

What is Snapchat planets order?
How to

What is Snapchat planets order?

Bane of Dragons ESO
How to

Bane of Dragons ESO: How to complete the quest?

Witcher 3 manual save not working
How to

Witcher 3 manual save not working: How to fix it?

Beyonce World Tour 2023
news

Beyonce World Tour 2023: Ticket prices, dates, and more

In this article, we are going to be covering how much is 1 million diamonds on TikTok, and answer some of the most frequently asked questions about the subject.
How to

How much is 1 million diamonds on TikTok?

ai music generator open ai jukebox
AI

AI music generators take on a whole new dimension with Open AI Jukebox

Answering the most common questions about the Instagram collab feature
How to

Answering the most common questions about the Instagram collab feature

Division 2 crashing: How to fix it (2023)?
How to

How to fix Division 2 if it keeps crashing in 2023?

RSS Digital Report

  • SEO for enterprise guide: Strategies, tools and more
  • Top SEO podcasts: Strategies to boost SEO
  • Here are the top 10 blockchain certification courses
  • Blockchain open source: What is it and what are the best projects?
  • Top 5 questions about marketing: Examples and answers
  • Back door marketing: What is it?
  • What is outbound marketing: Complete Guide
  • Online marketing for real estate: Tips and tricks
  • Top 5 SEO reporting software tools
  • Tips and tools for DIY digital marketing

RSS Latest from LeaderGamer

  • Tomb Raider Reloaded release date revealed
  • Valve has released a new update for Steam
  • Wordle TR 3 Şubat 2023 günün cevabı
  • EA may have canceled the new Titanfall game
  • Fortnite FPS mode may be coming
  • GTA 5 released a security-focused update
  • Amnesia The Bunker release date delayed
  • Hogwarts Legacy release trailer released
  • Official PlayStation Plus February 2023 games announced
  • The Sims developers reveal new information about Project Rene
TechBriefly

© 2021 TechBriefly is a Linkmedya brand.

  • Tech
  • Business
  • Science
  • Geek
  • How to
  • About
  • Privacy
  • Terms
  • Contact
  • LeaderGamer
  • FAQ

Follow Us

No Result
View All Result
  • Tech
  • Business
  • Crypto
  • Science
  • Geek
  • How to
  • About
    • About TechBriefly
    • Terms and Conditions
    • Privacy Policy
    • Contact Us
    • Languages
      • 中文 (Chinese)
      • Dansk
      • Deutsch
      • Español
      • English
      • Français
      • Nederlands
      • Italiano
      • 日本语 (Japanese)
      • 한국인 (Korean)
      • Norsk
      • Polski
      • Português
      • Pусский (Russian)
      • Suomalainen
      • Svenska
  • FAQ
    • Articles