Major security vulnerabilities found in iOS and macOS devices could allow potential hackers complete control of a user’s device, Apple warned Wednesday. The company quietly released two security reports last week about the vulnerability citing an anonymous researcher for the discovery.
Both bugs exist in WebKit, Apple’s browser engine that powers Safari and apps. According to reports provided by Apple, the first vulnerability would allow a hacker full access to a user’s device. Rachel Tobac, CEO of SocialProof Security, told NPR that this could allow potential attackers to impersonate the owner of the device and run any kind of software in their name. He added that those “in the public eye,” such as journalists and activists, should stay tuned for the update.
SEE ALSO: He points out the phone numbers of users exposed in a major Twilio hack
A second vulnerability was also found for the browser engines used by Safari, Mail and other iOS apps. According to the company’s security report, this security flaw allows attackers to arbitrarily execute code that could download malware to a user’s device.
Apple’s reports are sparse on details and also don’t explain in detail how and where the vulnerabilities work or come from, citing only an anonymous researcher for the discovery of both vulnerabilities. Security experts warn that the vulnerability affects nearly all iPhone devices and Mac computers running macOS Monterey, NPR reported.
The tech giant did not say how many users were affected, but said it is “aware of a report that this issue may have been actively exploited,” according to Fortune.
The good news about all of this is that Apple has already released patches to combat the bugs. So all you need to do is update your iOS devices and Mac and you should be good to go. However, with the prevalence of commercial spyware companies, the bad news is that this won’t be the last time your device could be at risk.