Apple warns of "remote attacker" security threat on iPhone and iPad, releases iOS 14.4 update [View all]

https://www.cbsnews.com/news/apple-security-update-iphone-update-14-4/

Apple released iOS 14.4 and iPadOS 14.4 updates on Tuesday after an anonymous researcher found that attackers may be able to remotely hack certain iPhones, iPads and iPods.

On the company's support page, Apple outlined two security threats that have since been fixed in the newest operating system update, version 14.4. Both security threats, Apple said, may have already been exploited.

The company explained that one vulnerability, which is linked to the web browser rendering engine, WebKit, may allow remote hackers access to a device.

Katie Moussouris, CEO and founder of cybersecurity firm Luta Security, said that means an attacker could control a user's phone. "You've zombified that device," she said. "You are controlling it from a distance."

And since the threat is tied to internet browsing, she noted, "Your regular web browsing may cause you to be held compromised, without having to do really much of anything else," she said. "And that's a problem."