Apple ha iniziato in queste ore la distribuzione di
iOS 14.4 (ed iPadOS 14.4), per migliorare alcune vulnerabilità a livello di sicurezza emerse nelle ultime settimane.
I problemi si manifestavano a partire da
iPhone 6s, la casa di Cupertino non è entrata nel dettaglio per evitare che qualche malintenzionato possa utilizzare le falle a livello software sui dispositivi non ancora aggiornati.
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A race condition was addressed with improved locking.
CVE-2021-1782: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher