Do you remember that last Tuesday (26), Apple released the “disappointing” iOS 14.4 update, which brought almost no new features? Well, now we know what the update is for, and you should install it immediately. The truth is that the build fixes three very serious vulnerabilities in the operating system, which are already being exploited by criminals.
According to the Russian security company Kaspersky, the loopholes in question are considered zero-day (that is, they were abused by attackers even before Apple knew of their existence) and are registered under the codes CVE-2021-1780, CVE -2021-1781, and CVE-2021-1782. It is worth remembering that iPadOS also received build 14.4 and owners of tablets in the line should also update their devices, as bugs also affect these devices.
“We know how difficult it is to infect an iPhone or iPad and root (breach of security protections) the device to intercept data. However, there is an effective method of infection - the so-called Drive-By-Download attack. A target only needs to visit a web page prepared with an exploit that will use the vulnerability in the operating system to carry out the invasion ”, explains Fabio Assolini, a researcher at Kaspersky.
“This is a critical update since the infection method is an exploit and allows the criminal to carry out a complete infection, which will allow the attacker to access any data that is on the device, such as in-app messages with end-to-end encryption, geolocation, call history and corporate email. Correcting the vulnerability is the best way to fight the attack ”, concludes the executive.
IOS / iPadOS 14.4 is available for iPhone 6, iPad Air 2, iPad mini 4 or newer; and for the seventh generation of iPod touch.
0 Comments