On its support page, the company said that three security flaws “could have been actively exploited”. He did not disclose too much information about the bugs, noting that “Apple does not disclose, discuss or confirm security issues until an investigation has taken place and no patches or versions are available.”
The problem is a link in an operating chain, which means that a hacker would have to exploit other bugs for it to be fully executable. The company declined to comment further on any attack.
The company removed security patches on Tuesday as part of its new iOS 14.4 software, which also includes keyboard delay fixes and allows the camera to read smaller QR codes.
Apple said two security issues came from WebKit, an open source browser engine used by Safari and iOS browsers. “A remote attacker can cause arbitrary execution of the code,” the company said in the description notes. Meanwhile, Kernel, a framework for Apple developers, has also been affected.
The exploits were reported by “an anonymous researcher”, according to the website.
Apple prides itself on the security of the device, but is not immune to exploitation. Last year, Google researchers found several websites with code that allowed hackers to quietly infiltrate the iPhone. Meanwhile, an iOS13 bug exposed contact details stored on the iPhone without requiring a password or biometric identification – a flaw that the company did not address publicly until a few months after it was first reported.
The-CNN-Wire & 2021 Cable News Network, Inc., a WarnerMedia company. All rights reserved.