Apple on Monday has released a new version of the iPhone and iPad’s operating systems to fix a vulnerability that hackers were exploiting to take advantage and hack Apple devices. On the security update page, Apple wrote that it “is aware of a report that this issue may have been actively exploited.”
This is the kind of language Apple uses when someone alerts the company that they have observed hackers exploiting a bug against targets in the real world, as opposed to a vulnerability found by a researcher in a controlled environment.
In this case, Apple credited an anonymous researcher for the discovery, and also thanked Citizen Lab “for their assistance.” Citizen Lab is a digital rights research group housed at the University of Toronto’s Munk School, known for exposing the abuse of government hacking tools such as those made by NSO Group.
This latest bug was in WebKit, Apple’s browser engine that’s used in Safari, and a historically popular target for hackers, since it can open up access to the rest of the device’s data. In 2021, it was reported that in just the first four months of that year, Apple had patched seven bugs exploited in the wild, of which six were in WebKit, a number that experts considered high at the time.
But things have improved since then. According to TechCrunch’s count of vulnerabilities, since January 2022, there have been nine bugs in iOS that “may have been actively exploited,” of which four in WebKit. The others were three in the kernel, the core component of the operating system; one in AppleAVD, the company’s audio and video decoding framework; and one in IOMobileFrameBuffer, a kernel extension.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.