California [US], December 3
Apple has released security updates for iPhones, iPads, and Macs to address two vulnerabilities that the company claims are being actively exploited to hack individuals, according to TechCrunch.
Following the disclosure of a vulnerability by security experts at Google’s Threat Analysis Group, which examines government-backed cyberattacks, the technology giant released fresh software patches, iOS and iPadOS 17.1.2, and macOS 14.1.2.
According to TechCrunch, in the updates rolled out, Apple said it fixed two vulnerabilities in WebKit, the browser engine that powers Safari and other apps. The vulnerabilities allow for hackers to remotely plant malicious code, such as spyware, on the person’s device over the internet.
The bug is called a “zero-day” because the vendor is given no time, or zero days, to fix the vulnerability before it is actively exploited.
“Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1,” Apple said in its security advisories, referring to the iPhone software released on October 11.
Apple also released Safari 17.1.2, an upgrade for people using older versions of macOS Monterey and macOS Ventura, the company said.
It is unknown who is taking advantage of these new zero-day vulnerabilities. Google has not yet assigned responsibility for the exploitation to a specific malevolent actor or government.