Whether you use an iPhone for work, personal use, or a hybrid of the two: you shouldn’t put off installing the new iPhone update.
The iOS 14.4 and iPadOS 14.4 update notes apparently contain parts which suggest “a malicious application may be able to elevate privileges.”
Further in the notes, it says “a remote attacker may be able to cause arbitrary code execution,” adding later that “Apple is aware of a report that this issue may have been actively exploited.”
More from a recent Verge article:
“To put the language into plain terms: Apple found a security hole in its operating systems, and it also has evidence that someone may have exploited it. The update notes don’t have any further details, so for now, we don’t know who may have used the security breach or what they may have been using it for.
“However it was used, the security breaches aren’t minor ones. An application being able to elevate privileges means that it could do things it’s not supposed to be able to do. Again, there aren’t any details, but broadly speaking, it means a malicious app could’ve bypassed some of Apple’s security protections.
“This isn’t to say it’s time to go into total cyber-lockdown mode, but it does mean that 14.4 isn’t an update you want to put off for a while. In the meantime, Apple says it’ll provide additional details soon, so we’ll keep an eye out for more information about the exploits.”
More employees working from home means more devices are connecting remotely, i.e. outside of the secured corporate network. This is especially true for companies who provide users mobile devices.
The consequences of poor cybersecurity hygiene while working remotely can include anything from compromised sensitive data to unauthorized access to the organization’s infrastructure.
Clearly, regular updates to potentially-hackable devices should be a part of that hygiene.