Apple's iOS 14.4 and iPadOS 14.4 were released today (January 26). If you have an Apple device running either iOS 14 or iPadOS 14, an update is recommended. These patches fix three security flaws that may be actively exploited by unknown attackers.

Apple's security bulletin states that the update fixes a kernel flaw (CVE-2021-1782) and two flaws in the WebKit browser rendering engine that powers Safari (CVE-2021-1870 and CVE-2021-1871) The company states.

In both cases, Apple says it is "aware of reports that the issue may have been actively exploited" and refers to the discovery of the flaws as "anonymous researchers."

The kernel flaw is the result of a race condition, whereby a malicious command tries to beat an authorized command to the next step in the process, allowing privilege escalation.

The WebKit bug is the result of a "logic problem," meaning almost anything that allows "remote attackers" to "execute arbitrary code," or malware, via the Internet.

So far, this is all we know. Nothing is known from the CVE (Common Vulnerabilities and Exposures) list of these bugs. We don't know who found them, who is using them, how they are attacking iPhones, or even what they do when they succeed. Apple has promised to provide "additional information soon."

If it is any consolation, most of the iOS security flaws that have been shown to have been exploited "in the wild" over the past few years have only been used in targeted attacks against specific persons or groups.

It doesn't help if you are a celebrity, work in the defense or media industries, or are a political dissident in an oppressive country.