The support documentation for the iOS 14.4 update mentions that Apple is aware that hackers have “actively exploited” a series of security flaws in 14.3.
“A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.”
“A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.”
Why is that such a big deal? Well, the tech giant rarely reveals such details. If you’ve ever checked out Apple’s patch notes, you’ve probably noticed they tend to be scarce on details – at least until most devices have been updated.
This time the company gave more away, but all they managed to do was raise more questions. How many users have been affected? Was this part of a large-scale attack, or were these just a few localized incidents? Should you be concerned in any way? Unfortunately, we’ll need to wait for more clarification from Apple.
Until then, you can protect yourself by installing the latest update, checking out these VPNs for iOS (for reasons described below), and tinkering with some settings. Scroll on for the full details.
Encrypt Your Data with an iOS VPN
Do you like free Wi-Fi? Same here. But you know who else does? The title probably gave it away, but yes – hackers love public Wi-Fi as much as anyone else. It’s an easy target for man-in-the-middle attacks and eavesdropping because “free” usually means “unsecured.”
Your Wi-Fi connection isn’t encrypted without password protection so that hackers can snoop around for valuable data. Alternatively, they can create their own fake Wi-Fi hotspots to make their job even more accessible.
Fortunately, you can combat all these threats by using an iPhone VPN to encrypt your data. This means that any traffic passing through your Apple devices will be scrambled and thus unreadable to anyone without the key to decrypt it. Whether it’s hackers, greedy ISPs looking to sell your data, or government surveillance agencies, all they’ll be able to see is a bunch of gibberish.
Watch Out for “Free” VPNs
It’s always tempting to latch onto something with a “free” price tag. How bad could it be? Pretty awful, as it turns out. Just take a look at the case of seven free Hong Kong-based VPNs that leaked the data of 20 million users online.
Mind you, these leaks didn’t just consist of embarrassing browsing histories. These free VPNs leaked emails, passwords, payment info, addresses, you name it. What’s worse is that the providers’ privacy policies claimed they didn’t keep any logs.
But this is just an isolated incident, right? Well, not really. Nearly 40% of all free VPNs on the Google Play Store leak data, while the top free VPNs on the App Store (with over six million total monthly downloads) do not comply with Apple’s review guidelines. Not a great look.
Use Two-Factor Authentication (2FA)
While 2FA may have been overhyped as this catch-all solution against hacking, it’s still better for security than simply using a password. Even something as basic as SMS-based 2FA can prevent the average script kiddie from stealing your accounts.
Ideally, however, the security check should be delivered to a different device. Otherwise, if somebody steals your iPhone, they’ll have immediate access to your 2FA codes. This is where disabling AutoFill passwords comes in handy.
Disable AutoFill Passwords for Extra Security
Trying to remember all your passwords can be cumbersome, and nobody enjoys typing them out every time you log in. However, that extra bit of effort may save you a ton of headaches later on. If your device is stolen (or compromised using one of the vulnerabilities described in Apple’s support document), hackers can use the AutoFill Passwords feature to access all your sensitive accounts.
You can turn the feature off from the Passwords section in your device settings. Consider disabling AutoFill for payment info as well by heading to Settings > Safari > AutoFill. There’s also a setting to turn off contact info AutoFill, but it’s relatively safe to leave it on if you’ve disabled password saving.
Watch Out for Phishing Attacks
Aside from the apparent disaster that is Covid-19, the pandemic also leads to a whopping 300% rise in cybercrime, according to the FBI. Much of that increase is owed to Coronavirus-related phishing emails and fake websites that lure people into handing over their personal data on a digital silver platter.
Traditional phishing scams rely on creating a sense of urgency in the victims. “Immediate action required”, or “Your account has been locked.” You’ll often see these types of subjects in scam emails.
A good rule of thumb is to not open any links or attachments in such emails. If it turns out you really do need to update your account info, you can always access the service’s website directly. Type the website name into your address bar (or better yet, bookmark it), log into your account, and you should get a notification that something needs your attention. If not, then you know the email was a scam.
- WhatsApp Alternatives (Secure, Private, Protect Privacy)
- Gmail Alternatives – Most Secure Email Providers Who Don’t Sell Out Your Data
- LastPass Alternatives (Free & Open-Source)
- Avast Omni Review: Is Avast Omni Worth It?
- Best Firewalls for Small Businesses
Always Update iOS and Third-Party Apps
We realize this may be getting old, but you’d be surprised how many people put off updating their devices until it’s too late. Sure, you could end up in situations where updating iOS slows down your iPhone, especially if it’s an older model. Yet even in that case, Apple offered a proper explanation for the slowdowns (albeit too late, which lead to them paying a hefty fine)
Besides updating iOS, consider minimizing how many third-party apps you have installed on your phone and tablet. The more you have – the more attack vectors there are into your iPhone. Just keep the apps you currently have up-to-date to avoid any trouble down the line.
If you like this news or have any suggestions, please use the comment box below.