PCMag reports that flaws allowing hackers to download malicious apps to gain privileges on devices from iPhones going back to 6s and iPads stretching to the iPad Air 2 and iPad mini 4 have been addressed with iOS 14.4 and iPadOS 14.4.
Key highlights from the report:
- The first two flaws involve Webkit, the browser engine in Safari and iOS’s Mail application. The “logic issue” can be abused to cause Webkit to execute computer code, paving the way for a hacker-crafted email or website to trigger an iPhone to download a malicious app.
- The third flaw deals with iOS’s kernel, which controls the major interactions behind the operating system. A bug in how the kernel executes operations can enable a malicious iOS app to gain additional privileges.
- Hackers may have been chaining the vulnerabilities together to spread malware to victims.
You can read more at this Apple security support document.