WASHINGTON (CNN) – Apple is urging iPhone and iPad users to immediately update their operating systems to fix security flaws that may already have been exploited by hackers.
On its supporting web page, the company said three security flaws “may have been actively exploited.” It did not reveal too much detail about the bugs, noting “Apple does not disclose, discuss or confirm security issues until an investigation has taken place and patches or releases are available.”
The problem is a link in an exploit chain, which means that a hacker must exploit further bugs in order to be fully executable. The company declined to comment further on any attacks.
The company released the security patches on Tuesday as part of the new iOS 14.4 software, which also includes keyboard lag fixes and allows the camera to read smaller QR codes.
Apple said two security vulnerabilities stem from the WebKit, an open source browser engine used by Safari and iOS browsers. “A remote attacker could cause arbitrary code execution,” the company said in the description notes. Meanwhile, Kernel, an Apple developer cadre, was also hit.
The exploits were reported by “an anonymous researcher,” the webpage said.
A remote attacker can cause arbitrary code execution.
-Apple
Apple prides itself on device security, but it is not immune to exploits. Last year, Google researchers found several websites with code that allowed hackers to quietly infiltrate iPhones. Meanwhile, an iOS13 bug revealed contact information stored on iPhones without the need for a passcode or biometric identification – a bug that the company didn’t make public until several months after the initial report.
Have you updated your iPhone in the last 24 hours?
The-CNN-Wire ™ & © 2021 Cable News Network, Inc., a Time Warner Company. All rights reserved.