On the 27th of January Apple released a statement saying they have found and fixed three vulnerabilities in iOS and iPadOS. The newly found issues may have been a major security threat.
Two of the vulnerabilities were found in the WebKit engine (used in the Safari browser). The other one was discovered in the OS core itself. All three of the vulnerabilities seem to have been severe security risks. According to Apple, they could have been used to get extended remote access to the devices, their apps, and features.
However, as of now, we don’t know how much of a threat those vulnerabilities actually were. Nor do we know if those issues were actually exploited. Apple did not go into much detail, only stating that the vulnerabilities “could have been actively used”.
All three of the newfound security threats were fixed with a recent core update (iOS 14.4 and iPadOS 14.4).
However, the scarce information (or lack thereof) is troubling. We are eagerly awaiting further statements from the tech giant to better understand the extent of the threat.