Issued a company Apple updated iOS 14.4 with security fixes for three vulnerabilities, it was said to be under active attack from hackers.
The tech giant said at Pages Its security update for iOS 14.4 and iPadOS 14.4: The three bugs affecting iPhone and iPads may have been actively exploited.
Details of the security vulnerabilities remain scarce, and an Apple spokesperson declined to comment beyond what was stated in the consultation.
It is not known who is actively exploiting the vulnerabilities, or who might be the victim, and Apple has not stated whether the attack targeted a small subset of users or whether it was a broader attack.
The report said: Apple preferred not to reveal the identity of the person who sent the error, noting that additional details will be available soon, but without saying when.
Two errors were found in the kernel of the operating system and WebKit, the browser engine that powers Safari.
And Apple notes for the kernel that there is a malicious application that may be able to raise privileges, as for WebKit, the company says: A remote attacker may be able to cause the execution of random code.
Some successful exploits use sets of vulnerabilities linked together, rather than one flaw.
It is not uncommon for attackers to target vulnerabilities in device browsers as a way to gain access to the operating system.
This is a rare admission from Apple, which prides itself on its security picture, that its customers could be exposed to an active attack from hackers.
In 2019, Google security researchers discovered a number of malicious websites with code that infiltrated victims’ iPhones.
The attack was part of an operation, most likely by the Chinese government, to spy on Uyghur Muslims.
In response, Apple opposed some of Google’s findings in a rare public statement, and Apple faced more criticism for downplaying the severity of the attack.
And the internet monitoring organization Citizen Lab found last month that dozens of journalists’ iPhones had been hacked. Previously unknown vulnerability that allowed the installation of spyware developed by NSO Group.
In the absence of details, iPhone and iPad users should update to iOS 14.4 and iPadOS 14.4 as soon as possible.