Apple says iOS 14.4 fixes three security bugs ‘actively exploited’ by hackers

Apple has issued iOS 14.4, which includes security enhancements addressing three vulnerabilities that are reportedly being targeted by malicious actors.
According to the company’s security release notes for iOS and iPadOS 14.4, these three flaws present in iPhones and iPads “may have been exploited in the wild.” Specifics regarding these vulnerabilities are limited, and an Apple representative offered no further explanation beyond the published advisory.
The identities of those exploiting these weaknesses, and of any potential victims, remain unknown. Apple has not indicated whether the exploitation was limited to a specific group of users or represented a broader campaign. The advisory also notes that the person who reported the vulnerabilities was granted confidentiality.
Two of these issues were identified within WebKit, the engine driving the Safari browser, and the Kernel, which forms the foundation of the operating system. Attackers frequently leverage multiple vulnerabilities in sequence, rather than focusing on a single weakness. Targeting browser vulnerabilities is a common tactic to gain access to the device’s core operating system.
Apple stated that further information will be released shortly, though a specific timeframe was not provided.
It is unusual for Apple, a company known for its strong security reputation, to acknowledge the possibility of ongoing attacks against its users.
In 2019, Google security experts uncovered numerous websites containing code designed to secretly compromise iPhones. TechCrunch reported that this activity was part of a surveillance operation, likely orchestrated by the Chinese government, aimed at monitoring Uyghur Muslims. Apple publicly challenged some of Google’s conclusions, a rare occurrence that drew criticism for seemingly minimizing the severity of the situation.
Last month, the internet monitoring organization Citizen Lab discovered that numerous journalists had their iPhones compromised through a previously unknown vulnerability, resulting in the installation of spyware created by NSO Group, an Israel-based company.
Given the lack of detailed information, it is recommended that iPhone and iPad users update to iOS 14.4 at the earliest opportunity.