Apple has released a patch for the bug that it “may have been exploited in a very sophisticated attack on a particular targeted individual.”
The Zero Day bug was found on WebKit, a browser engine powered by Safari and other apps, and according to Apple, hackers were able to escape WebKit's protective sandbox with “malicious web content.” A sandbox is part of an operating system that prevents hackers from accessing data from other parts of the system, even if it is compromised.
The patch was released on Tuesday for Mac, iPhone, iPad, Safari and its Vision Pro headsets.
Is there any more information about Apple vulnerabilities or cyberattacks against Apple users? From unprocessed devices and networks, you can safely contact Lorenzo Franceschi-Bicchierai with a signal of +1 917 257 1382, via Telegram and Keybase @lorenzofb, or by email. You can also contact TechCrunch via SecureDrop.
Apple noted that the attack was exploited against devices running the software “before iOS 17.2.”
Neither hacker nor targets have been disclosed. Apple did not respond to requests for comment.
In February, Apple used the same language (a very sophisticated attack on a particular targeted individual) for another bug, but there is no evidence that the two attacks are connected. Before that February patch, Apple had never used this language before.