Apple issued a new version of the iPhone and iPad’s operating systems on Monday to address a vulnerability that was being used in the wild by hackers to hijack Apple devices.
On its security update website, Apple stated, “Apple is aware of reports that this vulnerability has been actively exploited.” This is the terminology Apple employs when someone notifies the firm that they have witnessed hackers exploiting a problem against real-world targets, as opposed to a vulnerability discovered by a researcher in a controlled setting.
In this instance, Apple attributed the discovery to an anonymous researcher and praised Citizen Lab “for their support.” Citizen Lab is a digital rights research group based at the Munk School of the University of Toronto. It is renowned for revealing the misuse of government hacking tools, such as those manufactured by NSO Group.
Scott Radcliffe, a representative for Apple, told TechCrunch that the firm had nothing to add beyond what is included in the release notes. Bill Marczak, a senior researcher at Citizen Lab, said that he and his colleagues had no comment at this time.
This latest flaw was found in WebKit, the browser engine used by Safari and developed by Apple. WebKit has historically been a favourite target for hackers, as a flaw in it can provide access to the rest of the device’s data.
Motherboard reported in 2021 that in just the first four months of that year, Apple had patched seven exploited issues, six of which were in WebKit, a number that experts at the time deemed to be high.
Since then, the situation has improved. TechCrunch reports that, since January 2022, there have been nine iOS vulnerabilities that “may have been actively exploited,” including four in WebKit. The others were three in the kernel, the operating system’s core component; one in AppleAVD, the company’s audio and video decoding framework; and one in IOMobileFrameBuffer, a kernel extension.
As usual, the likelihood that a typical iPhone user will be targeted by this zero-day vulnerability is low, but you should still upgrade your device.