Apple has released security updates for iPhones, iPads and Macs to fix two vulnerabilities that the company says are being actively exploited to hack people.
The tech giant introduced new software updates, iOS and iPadOS 17.1.2and macOS 14.1.2after a vulnerability was disclosed by security researchers in Google’s Threat Analysis Group, which investigates government-sponsored cyberattacks.
In updates released Thursday, Apple said it fixed two vulnerabilities in WebKit, the browser engine that powers Safari and other apps. The vulnerabilities allow hackers to remotely install malicious code, such as spyware, onto a person’s device over the Internet. The bug is called “zero-day” because the vendor has no time or zero days to patch the vulnerability before actively exploiting it.
“Apple is aware of a report that this issue may have been exploited in versions of iOS prior to iOS 16.7.1,” Apple said in its security advisory, referring to the iPhone software released on October 11.
Apple also released one update to his browser, Safari 17.1.2for users running older versions of macOS Monterey and macOS Ventura, the company said.
It is not known who is exploiting these new zero-day vulnerabilities. Google has not yet attributed the exploit to a specific malicious actor or government. Apple and Google did not provide further details about the vulnerabilities.
Earlier this week, Google patched its own zero-day vulnerability in Google Chrome, which the search giant said it was aware of that an exploit for the vulnerability “exists in the wild.” Google security researcher said Maddie Stone in a post on X, formerly Twitter, that the Chrome bug was fixed within four days. Apple fixed the bug reported by Google researchers in less than a week.
Read more at TechCrunch:
