There are few known security flaws that are actively exploited, as most well-known software companies try to keep everything buttoned up as best they can because of the bad publicity a 0-day exploit brings.
In this case, Apple had a few actively exploited bugs before 14.4 that were related to Safari and the WebKit software (the backbone of Safari) and the kernel (the low-level layer through which the system interacts with itself and the silicon). These security flaws were actively being used by hackers and government organizations to track and monitor Apple's users. While these attacks were very targeted, the flaws were still being used as 0-day exploits and needed to be patched.
The problem with most software now is that, as targeted attacks become more common, the incentive for large software corporations to fix every exploit goes down. The problem with Apple and its closed ecosystem is how difficult it is for third-party developers to patch these flaws, or even to cover them through third-party software of their own. So it is left to Apple to prioritize these exploits based on publicity and corporate money. If a large corporation uses Apple devices and complains, Apple will likely patch it. If it becomes a privacy nightmare, Apple will patch it. If it's you or me being actively targeted by a hacker through a method that is not well known, they won't patch it until it becomes a problem for them. While Apple touts security, until there is some level of openness in their operating system, like Microsoft allows with their operating system, I believe Apple will become a larger target for specific and targeted attacks on certain groups of people or certain use cases.