Apple has released updates to fix security flaws across its portfolio devices, after admitting the vulnerabilities may have been actively exploited in wild by threat actors.
This vulnerability enables hackers the ability to infiltrate WebKit, the engine that powers the Apple web browser Safari. Once gained the initial foothold, threat actors could then take control of a device’s OS to execute arbitrary code and potentially infiltrate devices through maliciously crafted web content.
Apple mentioned iPhones dating back to the 6S model, iPad 5th generation and later, iPad Air 2 and later, iPad mini 4 and later, all iPad Pro models, and the 7th generation iPod touch are affected.
Mac computers running the company’s Monterey OS were also affected, alongside Apple’s Safari browser on its Big Sur and Catalina OS.
The US CISA also released an advisory on these vulnerabilities and recommended to update as soon as possible.
The company released the patches for the flaws between Wednesday and Friday, which are now listed on Apple’s security updates webpage.
Despite releasing patches for the vulnerability, however, the iPhone maker did not mention how, where or by whom the vulnerabilities were discovered, citing an anonymous researcher.