Apple today released iOS 14.4 and iPadOS 14.4, along with watchOS 7.3 and tvOS 14.4.
For its iPhone and iPad updates today, Apple says it has patched three security flaws that “may have been actively exploited.”
The security flaws affect iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation).
The first two flaws are related to WebKit, the company’s browser engine. Apple says “a remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” In other words, a hacker could have used WebKit to trick a user into downloading a nefarious app.
The third flaw is related to the iOS kernel, where “a malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.”
It’s unclear if hackers were leveraging both of these flaws together to compromise data from victims, but it may have been possible.
Nevertheless, it’s best to update to iOS 14.4 and iPadOS 14.4 right away, by going to Settings > General > Software Update on your iPhone or iPad.