Both bugs exist in WebKit, Apple’s browser engine that powers Safari and apps. Based on reports provided by Apple, the first vulnerability would allow a hacker to gain full access to a user’s device. Rachel Tobac, CEO of SocialProof Security, told NPR that this could allow potential attackers to impersonate the owner of the device and run any kind of software in their name. He added that those “in the public eye,” such as journalists and activists, should be careful about receiving the information. SEE ALSO: Flag the phone numbers of users exposed in major Twilio hack A second vulnerability was also found for browsers used by Safari, Mail and other iOS apps. According to the company’s security report, this security flaw allows attackers to arbitrarily execute code that could download malware to a user’s device. Apple’s reports are sparse on details and also don’t explain in detail how and where the vulnerabilities work or come from, citing only an unnamed researcher for discovering both vulnerabilities. Security experts warn that the vulnerability affects nearly all iPhones and Macs running macOS Monterey, NPR reported. The tech giant did not say how many users have been affected, but said it is “aware of a report that this issue may have been actively exploited,” according to Fortune. The good news from all of this is that Apple has already released patches to combat the bugs. So all you need to do is update your iOS and Mac devices and you should be good to go. However, with the prevalence of commercial spyware companies, the bad news is that this won’t be the last time your device may be at risk.
