Apple has issued patches to address a vulnerability that the company claims “may have been exploited in a highly sophisticated attack targeting specific individuals,” as stated in a report.
The zero-day exploit was discovered in WebKit, the browser engine that powers Safari and other applications, and enabled hackers to bypass WebKit’s sandbox using “maliciously crafted web content,” according to Apple. A sandbox is a component of the operating system that, even if compromised, can prevent hackers from accessing data in other parts of the system.
On Tuesday, Apple released the patch for Macs, iPhones and iPads, Safari, and its Vision Pro headset.
Contact Us
Do you have more information regarding Apple vulnerabilities or cyberattacks against Apple users? From a non-work device and network, you can securely contact Lorenzo Franceschi-Bicchierai on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You can also contact TechCrunch via SecureDrop.
According to Apple, the attack was exploited against devices running software “prior to iOS 17.2.”
The identities of the hackers and their targets have not been disclosed. Apple did not respond to a request for comment.
In February, Apple used similar language – “an extremely sophisticated attack against specific targeted individuals” – to describe another bug, but there is no indication that the two attacks are connected. Prior to the February patch, Apple had never used this specific wording before.
Source Link
