On the security update page, Apple wrote that it was “aware of a report that this issue may have been actively exploited.” That’s the language Apple uses when someone informs the company that they’ve observed hackers exploiting a bug against real-world targets, as opposed to one discovered by a researcher in a controlled environment.
Apple on Monday released a new version of its iPhone and iPad operating systems to fix a vulnerability that hackers are exploiting in the wild, meaning they’re taking advantage of it to break into Apple devices.
In this case, Apple credited an anonymous researcher for the discovery and also thanked Citizen Lab “for their help”. Citizen Lab is a digital rights research group located at the University of Toronto’s Munk School, known for exposing abuses of government hacking tools, such as those created by the NSO Group.
In 2021, Motherboard reported that in the first 4 months of that year, Apple fixed 7 bugs that were actually exploited, including 6 in WebKit, a number that experts considered high at the time.
Apple spokesman Scott Radcliffe told TechCrunch that the company has nothing to add beyond what’s in the release notes. Citizen Lab senior researcher Bill Marczak said he and his colleagues had no comment at this time. This latest bug is in WebKit, Apple’s browser engine used in Safari and historically a popular target for hackers because it can open up access to the rest of your device’s data.
Since then, things have improved. According to TechCrunch’s vulnerability count, as of January 2022, there have been nine bugs in iOS that “may have been actively exploited,” including four in WebKit. The others are three in the kernel, the core component of the operating system; one in AppleAVD, the company’s audio and video decoder framework; and one in IOMobileFrameBuffer, a kernel extension. As usual, the percentage of average iPhone users being targeted by a zero-day like this is very low, but you still need to update your phone.