On Monday, Apple launched a new edition of the operating systems for iPhones and iPads in order to address a vulnerability that hackers had been exploiting to gain unauthorized access to Apple devices. In its security update description, Apple acknowledged that it had received a report indicating that the vulnerability might have been actively exploited.
When a bug is exploited by hackers against real-world targets, Apple typically employs this type of language in its communications. In this instance, an unidentified researcher was acknowledged by Apple for identifying the issue, and Citizen Lab was recognized for its aid. Citizen Lab, a digital rights research organization based at the Munk School of the University of Toronto, is renowned for revealing government hacking tools’ misuse, including those created by NSO Group.
The most recent vulnerability was found in WebKit, Apple’s browser engine that powers Safari and has long been a popular target for hackers, given that it can provide access to the device’s other data. In 2021, Apple fixed seven vulnerabilities in the first four months alone, six of which were in WebKit, as reported by TechCrunch, a figure that experts regarded as high at the time.
However, the situation has improved since then. According to TechCrunch’s vulnerability count, since January 2022, nine vulnerabilities in iOS may have been actively exploited, four of which were found in WebKit. The remaining vulnerabilities included three in the kernel, the operating system’s core component; one in AppleAVD, the company’s audio and video decoding framework; and one in IOMobileFrameBuffer, a kernel extension.
