Security News > 2023 > May > Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!
Apple have just introduced "Rapid Security Responses." People are reporting that they take seconds to download and require one super-quick reboot.
These new Rapid Security Responses were only available for the very latest version of macOS and the latest iOS/iPadOS, which left users of older Macs and iDevices, as well as owners of Apple Watches and Apple TVs, in the dark.
Apple's description of the new rapid patches implied that they'd typically deal with zero-day bugs that affected core software such as the Safari browser, and WebKit, which is the web rendering engine that every browser, and every program that displays HTML files for any reason, is obliged to use on iPhones and iPads.
Technically, you can create an iPhone or iPad browser app that uses the Chromium engine, as Chrome and Edge do, or the Gecko engine, as Mozilla's browsers do, but Apple won't let it into the App Store if you do.
Well, Apple just followed up its latest Rapid Security Response patches with full-on updates for all its supported products, and in amongst the security bulletins for those patches, we've finally found out what those Rapid Responses were there to fix.
As you can imagine, combining these three zero-days would be the equivalent of a home run to an attacker: the first bug reveals the secrets needed to exploit the second bug reliably, and the second bug allows code to be implanted to exploit the third.