Security News > 2023 > April > Apple squashes iOS, macOS zero-day bugs already exploited by snoops
Apple rolled out patches on Good Friday to its iOS, iPadOS, and macOS operating systems and the Safari web browser to address vulnerabilities found by Google and Amnesty International that were exploited in the wild.
The updates are to iOS 16.4.1, iPadOS 16.4.1, Safari 16.4.1, and macOS 13.3.1.
Apple released iOS 16.4 and macOS 13.3 March 27.
Apple credited researchers Clément Lecigne of Google's Threat Analysis Group and Donncha Cearbhaill of Amnesty International's Security Lab with finding and reporting these latest holes.
Apple patches all the iThings, including iOS 15 hole under attack right now US cybersecurity chief: Software makers shouldn't lawyer their way out of security responsibilities Google: Turn off Wi-Fi calling, VoLTE to protect your Android from Samsung hijack bugs Apple splats zero-day bug, other gremlins in macOS, iOS. Separate from the above, these fixes come after Google TAG and Amnesty International released reports on March 29 about two campaigns in which iOS and Android users had spyware slipped on their devices by some crew or other.
TAG detailed a campaign exploiting zero-days in both Android and iOS. Amnesty didn't name the malware maker in its write-up, but said the infections indicated the "Advanced spyware campaign" was "Developed by a commercial cyber-surveillance company and sold to governments hackers to carry out targeted spyware attacks." The campaign has been active since at least 2020.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/04/10/apple_fix_ios_macos/
Related news
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple Patches Two Zero-Day Attack Vectors (source)