Security News > 2023 > February > Apple fixes zero-day spyware implant bug – patch now!
Apple has just released updates for all supported Macs, and for any mobile devices running the very latest versions of their respective operating systems.
Apparently, tvOS recently received a product-specific functionality fix that already used up the version number 16.3.1 for Apple TVs. As we've seen before, mobile devices still using iOS 15 and iOS 12 get nothing, but whether that's because they're immune to this bug or simply that Apple hasn't got round to patching them yet.
The bug also receives Apple's usual euphemism for "This is a zero-day hole that crooks are already abusing for evil ends, and you can surely imagine what those might be", namely the words that Apple is aware of a report that this issue may have been actively exploited.
If you have an Apple product on the list above, do an update check now.
If your Apple product isn't on the list, notably if you're stuck back on iOS 15 or iOS 12, there's nothing you can do right now, but we suggest keeping an eye on Apple's HT201222 page in case your product is affected and does get an update in the next few days.
As you can imagine, given how strictly Apple locks down its mobile products to stop you using apps from anywhere but the App Store, over which it exerts complete commercial and technical control.
News URL
https://nakedsecurity.sophos.com/2023/02/14/apple-fixes-zero-day-spyware-implant-bug-patch-now/
Related news
- Microsoft discloses Office zero-day, still working on a patch (source)
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)