On its support webpage, the company said three security flaws “may have been actively exploited.”
It did not reveal too many specifics about the bugs, noting “Apple does not disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”
The company declined to comment further on any attacks.
Apple said two security issues stem from its WebKit, an open source browser engine used by Safari and iOS browsers.
“A remote attacker may be able to cause arbitrary code execution,” the company said in the description notes.
Meanwhile, Kernel, an Apple developer framework, was also affected.
The exploits were reported by “an anonymous researcher,” according to the webpage.
Apple prides itself on device security but it’s not immune to exploits.
Meanwhile, an iOS13 bug exposed contact details stored in iPhones without requiring a passcode or biometric identification — a flaw that the company did not publicly address until several months after it was first reported.