Apple has released an update for version 14 of its iOS and iPadOS operating systems, with some improvements to fix security vulnerabilities. Apple wrote in a note that these flaws may have already been exploited by malicious users, so those with an iPhone or iPad are advised to update the system to the new version 14.4 as soon as possible.
Apple did not give much other information on possible violations: it only specified that, for the protection of its users “it does not disclose, discuss or confirm security problems until an investigation has been carried out”.
Two of the flaws concern WebKit, the system for viewing web pages on Safari (Apple's browser), while a third flaw concerns the main component (“kernel”) of the operating system itself. Apple attributed the report of the three problems to an “anonymous researcher” and said it was aware that “the problems may have been actively exploited”.
The flaws could be related, as attacks like this, when successful, often exploit linked weaknesses rather than a single flaw. TechCrunch writes that it is not uncommon for weaknesses in a device's browsers to be attacked (as is WebKit for Apple) to gain access to the underlying operating system (the kernel in this case).
Over time, Apple has built an image of reliability in the field of information security of which the company is very proud, and often recognized by users. Those who use these operating systems should update them as soon as possible, following the instructions in “Software Update” available in the “General” section of the iPhone and iPad settings.
– Read also: Apple and Google argue about iPhone security