In a swift response to emerging threats, Apple has released emergency security updates to patch three zero-day vulnerabilities actively exploited in attacks. “Apple is aware of a report that this issue may have been actively exploited,” states the official security advisory, highlighting the immediacy of the threat and the company's proactive measures to safeguard user security.
Vulnerabilities in WebKit and two Frameworks
The vulnerabilities, identified in the WebKit browser engine, the Security framework, and the Kernel Framework, had the potential to allow attackers to execute arbitrary code, bypass signature validation, and escalate privileges. The company has addressed these vulnerabilities in various versions of macOS, iOS, iPadOS, and watchOS, ensuring the security of a wide range of devices, including iPhone 8 and later, iPad mini 5th generation and later, Macs running macOS Monterey and newer, and Apple Watch Series 4 and later.
Official Acknowledgement and Response
Apple's official announcement confirms the active exploitation of these vulnerabilities, particularly against versions of iOS before iOS 16.7. The company has acknowledged the contributions of Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group in identifying and reporting these security flaws. Apple says they remain committed to addressing security issues promptly.