On its support website, the company said three security flaws “may have been actively exploited.” He did not disclose too much specific data about the bugs, noting that “Apple does not disclose, discuss or confirm security issues until an investigation has taken place and patches or versions are available.”
The problem is a link in an exploitation chain, meaning that a hacker would have to exploit more errors in order for it to be fully executable. The company declined to comment further on any attack.
The company removed the security patches on Tuesday as part of its new iOS 14.4 software, which also includes solutions to slow down the keyboard and allows the camera to read smaller QR codes.
Apple said two security issues come from its WebKit, an open source browser engine used by Safari and iOS browsers. “A remote attacker can result in arbitrary code execution,” the company said in the description notes. Meanwhile, Kernel, a framework for Apple developers, was also affected.
According to the website, “an anonymous investigator” reported the exploits.
Apple prides itself on device security, but isn’t immune to exploits. Last year, Google researchers found several websites with code that allowed hackers to quietly infiltrate iPhones. Meanwhile, an iOS13 bug exposed contact data stored on iPhones without the need for a password or biometric identification, a flaw that the company did not publicly address until several months after its first notification.
The-CNN-Wire & 2021 Cable News Network, Inc., a WarnerMedia company. All rights reserved.