Apple releases security updates for iOS, iPadOS, and macOS, resolving two actively exploited zero-days

The tech giant has released new software updates, iOS and iPadOS 17.1.2 and macOS 14.1.2, following the disclosure of a vulnerability by security researchers from Google’s risk research group, which investigates government-backed cyberattacks.

In updates released Thursday, Apple said it had fixed two vulnerabilities in WebKit, the browser engine that powers Safari and other apps. These vulnerabilities allow hackers to remotely implant malicious code, such as spyware, onto a person’s device over the internet. A bug of this kind is called a “zero-day” because the vendor has little time, if any, to fix the vulnerability before it is actively exploited.

“Apple is aware of a report that this factor would have possibly been exploited in iOS versions prior to iOS 16.7.1,” Apple said in its security advisories, referring to iPhone software released on Oct. 11.

Apple also released an update to its browser, Safari 17.1.2, for users running older versions of macOS Monterey and macOS Ventura, the company said.

It’s unclear who is exploiting these new zero-day vulnerabilities. Google has yet to attribute the exploitation to any specific malicious actor or government. Apple and Google provided more details about the vulnerabilities.

Earlier this week, Google patched its own zero-day vulnerability in Google Chrome; the search giant said it was aware that an exploit for the vulnerability “exists in the wild.” Google security researcher Maddie Stone said in a post on X, formerly Twitter, that the Chrome bug was fixed within four days. Apple fixed the bug reported by Google’s researchers in just under a week.
