Apple has launched security updates for iPhones, iPads and Macs to patch in opposition to two vulnerabilities, which the corporate says are being actively exploited to hack folks.
The know-how large rolled out new software program updates, iOS and iPadOS 17.1.2, and macOS 14.1.2, following a vulnerability disclosure by security researchers at Google’s Risk Evaluation Group, which investigates government-backed cyberattacks.
Within the updates rolled out Thursday, Apple stated it mounted two vulnerabilities in WebKit, the browser engine that powers Safari and different apps. The vulnerabilities enable for hackers to remotely plant malicious code, corresponding to adware, on the particular person’s machine over the web. The bug is named a “zero-day” as a result of the seller is given no time, or zero days, to repair the vulnerability earlier than it’s actively exploited.
“Apple is conscious of a report that this subject might have been exploited in opposition to variations of iOS earlier than iOS 16.7.1,” Apple stated in its security advisories, referring to the iPhone software program launched on October 11.
Apple additionally rolled out an replace to its browser, Safari 17.1.2, for customers operating older variations of macOS Monterey and macOS Ventura, the corporate stated.
It’s not identified who’s exploiting these new zero-day vulnerabilities. Google has not but attributed the exploitation to a specific malicious actor or authorities. Apple and Google didn’t present additional particulars of the vulnerabilities.
Earlier this week, Google patched its personal zero-day vulnerability in Google Chrome, which the search large stated it was conscious that an exploit for the vulnerability “exists within the wild.” Google security researcher Maddie Stone stated in a put up on X, previously Twitter, that the Chrome bug was mounted inside 4 days. Apple mounted the bug reported by Google’s researchers in slightly below every week.
