Cert NZ issues iPhone, iPad security warning - vulnerability being actively exploited by hackers

Crown agency Cert NZ (the Computer Emergency Response Team) has issued an advisory about a security vulnerability with iOS that Apple says is being actively exploited by hackers.

The issue relates to iOS (the software that runs iPhones), iPadOs and tvOS (the software that runs Apple TVs).

"Immediately update your Apple iOS, iPadOS and tvOS devices to version 14.4 where the update is available. For most users, a pop-up should alert you that an update is available – select 'Update Now'," Cert NZ's advisory says.

"If you do not receive a pop-up message, follow these steps: Go to Settings > System > Software Update. In there, select "Update Software".

The Herald tried, but iOS 14.4 was not yet available. Apple typically makes updates available on a rolling basis [UPDATE: 14.4 is now available for most].

Details are scant at this stage, but an Apple notification page on the issue says "a malicious application may be able to elevate privileges" if it exploits the security vulnerability, indicating potential for a hacker to take control of a device.

"Apple is aware of a report that this issue may have been actively exploited," the iPhone maker says on its security notification page.

iOS 14.4 also adds support for snapping smaller QR codes - a useful addition as we're all being encouraged to up our Covid poster scanning.

Cert NZ recommends users enable an automatic software update function for software on any device.

The announcement took some of the gloss off Data Privacy Day, which saw Facebook boss Mark Zuckerberg riled by an Apple move to make advertisers disclose when they want to track your activity.

Zuckerberg called the move anti-competitive. Apple said it was responding to users' demands for more privacy and transparency, and released a "Day in the Life of Your Data" presentation to push its case.