Apple has launched safety updates for iPhones, iPads and Macs to patch in opposition to two vulnerabilities, which the corporate says are being actively exploited to hack folks.
The expertise big rolled out new software program updates, iOS and iPadOS 17.1.2, and macOS 14.1.2, following a vulnerability disclosure by safety researchers at Google’s Menace Evaluation Group, which investigates government-backed cyberattacks.
Within the updates rolled out Thursday, Apple stated it mounted two vulnerabilities in WebKit, the browser engine that powers Safari and different apps. The vulnerabilities permit for hackers to remotely plant malicious code, similar to spy ware, on the particular person’s machine over the web. The bug is known as a “zero-day” as a result of the seller is given no time, or zero days, to repair the vulnerability earlier than it’s actively exploited.
“Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1,” Apple stated in its safety advisories, referring to the iPhone software program launched on October 11.
Apple additionally rolled out an update to its browser, Safari 17.1.2, for customers working older variations of macOS Monterey and macOS Ventura, the corporate stated.
It’s not recognized who’s exploiting these new zero-day vulnerabilities. Google has not but attributed the exploitation to a specific malicious actor or authorities. Apple and Google didn’t present additional particulars of the vulnerabilities.
Earlier this week, Google patched its personal zero-day vulnerability in Google Chrome, which the search big stated it was conscious that an exploit for the vulnerability “exists in the wild.” Google safety researcher Maddie Stone said in a post on X, previously Twitter, that the Chrome bug was mounted inside 4 days. Apple mounted the bug reported by Google’s researchers in slightly below per week.
