Apple fixes new security flaw used in ‘extremely sophisticated attack’

Apple released patches for a bug that it says “may have been exploited in an extremely sophisticated attack against specific targeted individuals,” citing a report.

The zero-day bug was found in WebKit, the browser engine powering Safari and other apps, and allowed hackers to break out of WebKit’s protective sandbox with “maliciously crafted web content,” per Apple. A sandbox is part of the operating system that, even if compromised, can keep hackers from accessing data in other parts of the system.

The patch was released on Tuesday for Macs, iPhones and iPad, Safari, and its Vision Pro headset.

Contact Us

Do you have more information about Apple vulnerabilities, or cyberattacks against Apple users? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email . You also can contact TechCrunch via SecureDrop.

Apple noted that the attack was exploited against devices running software “before iOS 17.2.”

Neither the hackers nor their targets were disclosed. Apple did not respond to a request for comment.

In February, Apple used the same language — “an extremely sophisticated attack against specific targeted individuals” — for another bug, but there is no evidence the two attacks are connected. Before that February patch, Apple had never used this wording before.

Source: Original Article