Major security vulnerabilities found in iOS and macOS devices could allow potential hackers complete control of a user’s device, Apple warned on Wednesday. The company quietly published two security reports this past week on the vulnerability citing an anonymous researcher for the discovery.
Both bugs exist within WebKit, Apple’s browser engine that powers Safari and applications. Based on the reports provided by Apple, the first vulnerability would allow a hacker complete access to a user’s device. Rachel Tobac, CEO of SocialProof Security, told NPR that this could allow potential attackers to impersonate the device’s owner and run any kind of software in their name. She added that those “within the public eye” like journalists and activists should be attentive in getting the update.
Signal users’ phone numbers exposed in major Twilio hack
A second vulnerability was found as well for browser engines used by Safari, Mail, and other iOS applications. According to the company’s security report, this security flaw allows attackers to arbitrarily execute code that could download malware onto a user’s device.
Apple’s reports are sparse on details and also don’t explain in detail how and where the vulnerabilities work or come from, only citing an anonymous researcher for the discovery of both vulnerabilities. Security experts are warning that the vulnerability affects almost all iPhone devices and Mac computers running macOS Monterey, NPR reported.
The tech giant has not said how many users have been affected but said it’s “aware of a report that this issue may have been actively exploited,” according to Fortune.
The good news from all of this is that Apple has already released patches to combat the bugs. So all you need to do is update your iOS and Mac devices and you should be all set. However, with the prevalence of commercial spyware firms, the bad news is this won’t be the last time your device may be in danger.