Apple splats zero-day bug, other gremlins in macOS, iOS
Apple this week released bug-splatting updates to its operating systems and Safari browser, to fix a zero-day vulnerability in its WebKit browser engine that's reported to have been actively exploited.
Apple's advisory says the company "is aware of a report that this issue may have been actively exploited." It credits an anonymous researcher for reporting the bug, and its iOS advisory also acknowledges "The Citizen Lab at The University of Toronto's Munk School for their assistance."
Citizen Lab has a history of documenting vulnerabilities in Apple software that have been exploited by government authorities using commercial spyware like NSO Group's Pegasus.
Apple did not immediately respond on the record to a request to comment about whether this zero-day is being exploited by commercial spyware customers.
Apple provides few details about its fix beyond noting that it addressed a privacy issue in the Shortcuts component by improving how the operating system handles temporary files.
In January, Apple backported a fix from last year for a WebKit flaw under active exploitation to iPhone 5 and similarly outdated devices running iOS 12.5.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/02/15/apple_patches_zeroday_vulnerability/