Security News > 2023 > February > Apple splats zero-day bug, other gremlins in macOS, iOS

Apple this week released bug-splatting updates to its operating systems and Safari browser, to fix a zero-day vulnerability in its WebKit browser engine that's reported to have been actively exploited.

Apple's advisory says the company "Is aware of a report that this issue may have been actively exploited." It credits an anonymous researcher for reporting the bug and its iOS advisory also acknowledges "The Citizen Lab at The University of Toronto's Munk School for their assistance."

Citizen Lab has a history of documenting vulnerabilities in Apple software that have been exploited by government authorities using commercial spyware like NSO Group's Pegasus.

Apple did not immediately respond on the record to a request to comment about whether this zero-day is being exploited by commercial spyware customers.

Apple provides few details about its fix beyond noting that it addressed the privacy issue in the Shortcuts component by improving how the operating system handles temporary files.

In January, Apple backported a fix from last year for a WebKit flaw under active exploitation to iPhone 5 and similarly outdated devices running iOS 12.5.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/02/15/apple_patches_zeroday_vulnerability/