Apple is urging users to update devices with the latest iOS 14.4 to fix three security vulnerabilities that ‘may have been actively exploited’ by hackers.
The tech giant released a statement on its Apple Support page that shows two bugs were identified in Webkit, the browser engine that powers Safari and one in the core operating system, Kernel.
The Kernel flaw was described as a ‘race condition’ that can allow malicious applications to elevate privileges, but the update fixes it with ‘improved locking.’
Vulnerabilities in WebKit have been rectified with improved restrictions, but without the update hackers could remotely access devices ‘to cause arbitrary code execution,’ Apple states.
Scroll down for video
Apple is urging users to update devices with the latest iOS 14.4 to fix three security vulnerabilities that ‘may have been actively exploited’ by hackers. The update can be accessed in Settings, General and then Software Update
Apple rarely announces issues with its systems that could be used by bad actors in malicious activity, but the tech giant is open to receiving reports from others who find a security of privacy vulnerability.
The firm’s site shows an ‘anonymous researcher’ spotted the flaws codenamed ‘CVE-2021-1782,’ ‘CVE-2021-1871’ and ‘CVE-2021-1870.’
Along with fixing the bugs, iOS 14.4 includes other updates for keyboard lag and allows devices to read smaller QR codes.
Apple does pride itself on a security system, but that does not mean the technology is immune to problems.
The tech giant released a statement on its Apple Support page that shows two bugs were identified in Webkit, the browser engine that powers Safari and one in the core operating system, Kernel
In 2019, Google’s Project Zero found several vulnerabilities in iMessage, with some allowing hackers to send malicious codes via text that granted them access to the device when opened.
Other bugs leveraged a flaw in iOS memory and allowed attackers to hoover data from the phone onto a remote device.
And a few months later, Google’s research group uncovered an ‘indiscriminate’ hacking operation that targeted iPhones used websites to implant malicious software to access photos, user locations and other data.
‘Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,’ said Project Zero’s Ian Beer.
However, Apple responded to the report by calling it misleading and inaccurate.
Apple spokesman Fred Sainz said in a statement the research released by Google created a ‘false impression’ that large numbers of iPhone users may have been compromised.
Sainz said that contrary to what Google claimed, the incident was a ‘narrowly focused’ attack which affected ‘fewer than a dozen websites that focus on content related to the Uighur community, an ethnic minority in China.
Apple recently shared another warning regarding its iPhone 12, which notifies users with pacemakers not to bring their iPhone close to their breast.
The Kernel flaw was described as a ‘race condition’ that can allow malicious applications to elevate privileges, but the update fixes it with ‘improved locking.’ Vulnerabilities in WebKit have been rectified with improved restrictions, but without the update hackers could remotely access devices ‘to cause arbitrary code execution’
The firm’s latest devices feature a technology called MagSafe, which uses in-built magnets to firmly attach accessories like wireless chargers and wallets to the back of the phones.
iPhone 12 devices, released in October last year, also contain components and radios that emit electromagnetic fields.
Apple confirmed the risk applies to all iPhone 12 models – iPhone 12, iPhone 12 mini, iPhone 12 Pro, iPhone 12 Pro Max – and the two MagSafe chargers, the MagSafe Charger and the foldable MagSafe Duo Charger.