Apple patches three vulnerabilities in latest iOS/iPadOS 14.4 update


Posts: 997   +169
Staff member
Bottom line: Rapidly draining batteries or an annoying system app bug usually pushes iPhone and iPad owners to download Apple's latest software update promptly. iOS/iPadOS 14.4, however, should likely be given more attention given that this release addresses three security vulnerabilities that Apple says "may have been actively exploited." One of these is a kernel-level bug, while two are WebKit exploits that could allow for arbitrary code execution from a remote hacker.

With iOS 14.4, owners of compatible iPhone models (6s and up) will be able to scan smaller QR codes, thanks to a tweaked Camera app. Those on the iPhone 12 series will now also get a notification if their phone's camera hardware has been replaced with non-Apple parts.

Additionally, the update adds a new option under Settings to classify the type of third-party Bluetooth audio device in-use so the phone can correctly identify connected headphones and send relevant audio notifications. Bug fixes, meanwhile, include the following:

  • Image artifacts could appear in HDR photos taken with iPhone 12 Pro
  • Fitness widget may not display updated Activity data
  • Typing may be delayed and word suggestions may not appear in the keyboard
  • The keyboard may not come up in the correct language in Messages
  • Audio stories from the News app in CarPlay may not resume after being paused for spoken directions or Siri
  • Enabling Switch Control in Accessibility may prevent phone calls from being answered from the Lock Screen

Apple has also included security fixes for three vulnerabilities in iOS/iPadOS 14.4, one being a kernel-level exploit that could let a malicious app elevate privileges and two being WebKit-related issues that could allow an attacker to execute harmful code remotely on an affected device. Apple says that all three security loopholes were reported by anonymous security researchers and that it will provide more info regarding these vulnerabilities in the future.

Updates were also rolled out for tvOS, with version 14.4 focusing on bug fixes and optimizations, as well as watchOS 7.3 that packs the following list of features, improvements, and bug fixes:

  • Unity watch face—inspired by the colors of the Pan-African Flag, the shapes change throughout the day as you move creating a face that's unique to you
  • Time to Walk for Apple Fitness+ subscribers—an audio experience in the Workout app where guests share inspiring stories as you walk
  • ECG app on Apple Watch Series 4 or later in Japan, Mayotte, Philippines, and Thailand
  • Irregular heart rhythm notifications in Japan, Mayotte, Philippines, Taiwan, and Thailand
  • Fix for an issue where Control Center and Notification Center may be unresponsive when Zoom is enabled

Permalink to story.