Apple says zero-day iOS bugs exploited against 'specific targeted individuals'
a year ago
- #Security
- #Zero-Day
- #Apple
- Apple released software updates to fix two security vulnerabilities that may have been actively exploited.
- The vulnerabilities were zero-day, meaning they were unknown to Apple while being exploited.
- One vulnerability affects Apple's Core Audio, allowing execution of malicious code via a crafted media file.
- The other vulnerability bypasses pointer authentication, making it easier to inject malicious code.
- Updates were released for macOS Sequoia (15.4.1), iOS (18.4.1), Apple TV, and Vision Pro.
- Google's Threat Analysis Group discovered one of the bugs, suggesting possible nation-state involvement.
- Apple did not disclose the attackers' identity, the number of affected users, or successful compromises.