In the notes attached to the update to the iOS and iPadOs operating systems, released on January 26, 2021, the Apple company claimed to resolve three security vulnerabilities in its mobile devices. In addition to the above, it claims to have received at least one report that these cybersecurity breaches have been “actively exploited.”
According to information revealed by the Cupertino company, two of the vulnerabilities were found in the code of WebKit, the platform behind the Safari browser. The other was found in the system’s core (or kernel), which could have significantly compromised the security of iPhone and iPad users.
In addition to the above, Apple detailed that these vulnerabilities could have caused, in the case of the Kernel, that an external party installed malicious software to elevate its privileges on the system. Similarly, flaws found in WebKit would potentially open the door to “arbitrary code execution” by third parties.
The technology company did not give more details than those previously exposed; and even kept the anonymity of those responsible for discovering the breaches. According to the update notes, more information will be available “soon”, without specifying dates. Specialized media such as TechCrunch and The Verge, recommended that all users of models iPhone 6s onwards, iPad Air 2 onwards, iPad 4 mini and 7th generation iPod touch, update their operating system as soon as possible.
Apple engineers detailed that the vulnerabilities were solved with the implementation of new requirements and race conditions. However, more information and a comprehensive assessment on the possible impacts of this cybersecurity breach remains to be expected. Version 14.4 for iOS and iPadOS systems also includes improvements in performance, Bluetooth connectivity, and QR code reading on iPhone and iPad mobile devices.