Security News > 2023 > September > Apple squashes security bugs after iPhone flaws exploited by Predator spyware

Apple has emitted patches this week to close security holes that have been exploited in the wild by commercial spyware.

We've just learned today that the Predator spyware sold by Intellexa used these vulnerabilities to infect at least one target's iPhone.

Each bug, according to Apple, "May have been actively exploited against versions of iOS before iOS 16.7," meaning so far it's only aware that certain versions of iOS have been attacked.

MacOS Monterey 12.7: CVE-2023-41992 [advisory] macOS Ventura 13.6: CVE-2023-41991 and CVE-2023-41992 [advisory] watchOS 9.6.3: CVE-2023-41991 and CVE-2023-41992 [advisory] watchOS 10.0.1: CVE-2023-41991 and CVE-2023-41992 [advisory] iOS 16.7 and iPadOS 16.7: CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later) [advisory] iOS 17.0.1 and iPadOS 17.0.1: CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993 [advisory] Safari 16.6.1: CVE-2023-41993 [advisory].

Just as we were writing up this article, Google got back to us with this advisory by Stone, who said Intellexa's Predator snoopware abused the bugs on iOS to infect at least one iPhone.

According to the Googler, the web giant and Citizen Lab - which are both openly concerned about commercial spyware - discovered and reported evidence of this exploitation last week to Apple to address.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/09/22/apple_emergency_patches/