Zack Whittaker, TechCrunch:

Apple has released iOS 14.4 with security fixes for three vulnerabilities, said to be under active attack by hackers.

The technology giant said in its security update pages for iOS and iPadOS 14.4 that the three bugs affecting iPhones and iPads “may have been actively exploited.” Details of the vulnerabilities are scarce, and an Apple spokesperson declined to comment beyond what’s in the advisory.

From that Apple security note:

Kernel impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.

And:

WebKit impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Note that this is an issue for both iPadOS and iOS. So update your iPhone and iPad both.