On its support page, the company said that three security holes “may have been actively exploited”. He did not reveal many details about the bugs, noting “Apple does not disclose, discuss or confirm security issues until an investigation occurs and patches or releases are available.”
The problem is a link in an exploit chain, which means that a hacker would need to exploit other bugs to make it fully executable. The company declined to comment further on any attacks.
The company released security patches on Tuesday as part of its new iOS 14.4 software, which also includes fixes for the keyboard delay and allows smaller QR codes to be scanned by the camera.
Apple said two security issues stem from its WebKit, an open source browser engine used by Safari and iOS browsers. “A remote attacker can cause arbitrary code execution,” the company said in the descriptive notes. Meanwhile, the Kernel, an Apple developer framework, has also been affected.
The exploits were reported by “an anonymous researcher”, according to the website.
Apple prides itself on the security of the device, but it is not immune to exploitation. Last year, Google researchers found several sites with code that allowed hackers to silently infiltrate iPhones. Meanwhile, an iOS13 bug exposed contact details stored on iPhones without requiring a password or biometric identification – a flaw that the company did not address publicly until several months after it was first reported.
The-CNN-Wire & 2021 Cable News Network, Inc., a WarnerMedia company. All rights reserved.