With everyone’s mind currently elsewhere, it’d be easy to overlook the little prompt on your iPhone telling you it’s time to update. That would be a mistake.
On Nov. 5, Apple introduced the latest series of updates to iOS. And included along with the 117 new emoji are some very important security patches. Specifically, the fixes included in iOS 14.2 address real security vulnerabilities being actively exploited right now. That means someone is currently using them against iPhone owners.
We know this because Ben Hawkes, the technical lead of Google’s Project Zero bug hunting group, was kind enough to let the world know.
“Apple have fixed three issues reported by Project Zero that were being actively exploited in the wild,” Hawkes wrote on Twitter. “CVE-2020-27930 (RCE), CVE-2020-27950 (memory leak), and CVE-2020-27932 (kernel privilege escalation). “
Apple have fixed three issues reported by Project Zero that were being actively exploited in the wild. CVE-2020-27930 (RCE), CVE-2020-27950 (memory leak), and CVE-2020-27932 (kernel privilege escalation). The security bulletin is available here: https://t.co/4OIReajIp6
— Ben Hawkes (@benhawkes) November 5, 2020
That “RCE,” which stands for “remote code execution,” is particularly noteworthy because it means — just like it sounds — that a hacker, criminal, or government could remotely run code on your phone. That is bad.
Thankfully, there is a fix. As long as you have an iPhone 6s (or more recent model), all you have to do is update your device. One other piece of relatively good news is that, even though we know these exploits were actually being used, according to Shane Huntley of Google’s Threat Analysis Group, the attacks using them didn’t have to do with the U.S. presidential election.
“Not related to any election targeting,” wrote Huntley on Twitter.
Targeted exploitation in the wild similar to the other recently reported 0days. Not related to any election targeting.
— Shane Huntley (@ShaneHuntley) November 5, 2020
Apple on Thursday also issued updates in the form of iPadOS 14.2, watchOS 7.1, watchOS 6.2.9, watchOS 5.3.9, macOS Catalina 10.15.17, tvOS 14.2, and iOS 12.4.9 (for iPhones older than the iPhone 6s).
So go ahead and hit that update button, and know that you’re getting more than just new emoji. Although, to be fair, those inclusive emoji are pretty damn awesome.