Apple on Monday released a new version of the iPhone and iPad’s operating systems to fix a vulnerability that hackers were exploiting in the wild, meaning they were taking advantage of it to hack Apple devices.
On the security update page, Apple wrote that it “is aware of a report that this issue may have been actively exploited.” This is the language Apple uses when someone alerts the company that they have observed hackers exploiting a bug against targets in the real world, as opposed to a vulnerability found by a researcher in a controlled environment, so to speak.
In this case, Apple credited an anonymous researcher for the discovery, and also thanked Citizen Lab “for their assistance.” Citizen Lab is a digital rights research group housed at the University of Toronto’s Munk School, known for exposing the abuse of government hacking tools such as those made by NSO Group.
Apple’s spokesperson Scott Radcliffe told TechCrunch that the company has nothing to add apart from what’s in the release notes. Bill Marczak, a senior researcher at Citizen Lab, said that he and his colleagues have no comments for now.
This latest bug was in WebKit, Apple’s browser engine that’s used in Safari, and a historically popular target for hackers, since it can open up access to the rest of the device’s data.
In 2021, Motherboard reported that in just the first four months of that year, Apple had patched seven bugs exploited in the wild, of which six were in WebKit, a number that experts considered high at the time.
Since then, things have improved. According to TechCrunch’s count of vulnerabilities, since January 2022, there have been nine bugs in iOS that “may have been actively exploited,” of which four in WebKit. The others were three in the kernel, the core component of the operating system; one in AppleAVD, the company’s audio and video decoding framework; and one in IOMobileFrameBuffer, a kernel extension.
As usual, the chances that an average iPhone user will be targeted with a zero-day like this one are slim, but you should still update your phone.
Seeking to bring greater security to AI systems, Protect AI today raised $13.5 million in a seed-funding round co-led by Acrew Capital and Boldstart Ventures with participation from Knollwood Capital, Pelion Ventures and Aviso Ventures. Ian Swanson, the co-founder and CEO, said that the capital will be put toward product development and customer outreach as […]
Australian software giant Atlassian and Envoy, a startup that provides workplace management services, were at loggerheads on Thursday over a data breach that exposed the data of thousands of Atlassian employees. As first reported by Cyberscoop, a hacking group known as SiegedSec leaked data on Telegram this week that it claimed to have stolen from Atlassian. This […]
Google confirmed it’s putting an end to a feature that allowed users to access playable podcasts directly from the Google Search results in favor of offering podcast recommendations. Officially launched in 2019, the feature surfaced podcasts when they matched a user’s query, including in those cases where a user specifically included the word “podcast” in their search […]
Leave a Reply