Apple patches zero-day security flaw exploited in ‘extremely sophisticated attack’ | Technology News
Apple has said it has addressed a security vulnerability in its Safari browser that may have been exploited by threat actors to launch an “extremely sophisticated attack against specific targeted individuals.”
In response to the zero-day vulnerability, the iPhone-maker on Tuesday, March 11, released security patches for Macs, iPhones, iPads, and Vision Pro headsets, according to a report by TechCrunch.
A zero-day attack exploits a security bug that developers don’t know about and haven’t patched yet.
The attack targeted Apple devices running software versions before iOS 17.2, according to the company. It further revealed that the security flaw was found in Apple’s browser engine called WebKit that powers Safari and other apps.
It was exploited by the hackers to bypass WebKit’s protective sandbox with “maliciously crafted web content.”
The WebKit sandbox is designed to keep other parts of the operating system safe from hackers in case the system security has been compromised. However, Apple did not disclose specifics such as the location of the threat actors, their modus operandi, potential victims of the hack, etc.
Apple had disclosed that another bug had similarly led to “an extremely sophisticated attack against specific targeted individuals” in February this year.
