author photo
By Bruce Sussman
Thu | Jan 28, 2021 | 8:16 AM PST

Headlines around the world are now warning iPhone and iPad users to immediately update their devices because of cyberattacks detected against them.

Truthfully, however, Apple is sharing only a few sentences about what is going on. So let's look at what we know—and what we don't.

Apple's security alert for iPad and iPhone

Both of the security advisories relate to iOS 14.4 and iPadOS 14.4, and here is the first half of Apple's security advisory, listed as a kernel flaw, in its entirety:

"Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A race condition was addressed with improved locking.

CVE-2021-1782: an anonymous researcher"

The translation for a "race condition" is that attackers have apparently found a way to beat the clock and insert a malicious command during an OS process before a legitimate command is given. This allows the attacker to gain greater, unauthorized access to the devices.

Apple lists the next issue as a WebKit flaw. 

"Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A logic issue was addressed with improved restrictions.

CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher"

What we don't know about the iPhone and iPad security alerts

Apple's security alert leaves us with lots of questions, which Apple watching publication Tom's Guide summed up aptly:

"We don't know who found them, who's using them, how they attack iPhones or what they do when they succeed. Apple promises 'additional details available soon.'"

SecureWorld will be watching for those too.

How do you install this Apple security update?

To find the iOS update on your device, navigate like this: Settings→General→Software Update.

At that point, you should see a software update waiting for you that says "iOS 14.4 includes improvements and bug fixes for your iPhone" (or iPad).

Click "Download and Install" to apply the Apple fix.

If you get to the software update page and nothing is listed, it is likely you have automatic updates turned on and your device has already been updated by Apple.

Comments