Security News > 2023 > February > Apple fixes zero-day spyware implant bug – patch now!
Apple has just released updates for all supported Macs, and for any mobile devices running the very latest versions of their respective operating systems.
Apparently, tvOS recently received a product-specific functionality fix that already used up the version number 16.3.1 for Apple TVs. As we've seen before, mobile devices still using iOS 15 and iOS 12 get nothing, but whether that's because they're immune to this bug or simply that Apple hasn't got round to patching them yet.
The bug also receives Apple's usual euphemism for "This is a zero-day hole that crooks are already abusing for evil ends, and you can surely imagine what those might be", namely the words that Apple is aware of a report that this issue may have been actively exploited.
If you have an Apple product on the list above, do an update check now.
If your Apple product isn't on the list, notably if you're stuck back on iOS 15 or iOS 12, there's nothing you can do right now, but we suggest keeping an eye on Apple's HT201222 page in case your product is affected and does get an update in the next few days.
As you can imagine, given how strictly Apple locks down its mobile products to stop you using apps from anywhere but the App Store, over which it exerts complete commercial and technical control.
News URL
https://nakedsecurity.sophos.com/2023/02/14/apple-fixes-zero-day-spyware-implant-bug-patch-now/
Related news
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- New Android NoviSpy spyware linked to Qualcomm zero-day bugs (source)