Apple has released critical software updates to address two zero-day security vulnerabilities in its mobile operating system, iOS. Which the company believes may have been exploited in highly targeted attacks against specific individuals. These vulnerabilities were previously unknown to Apple at the time they were being actively exploited. Making them classified as zero-day bugs.
The details surrounding these attacks remain scarce, including information on the number of users affected. Also the identities of the attackers, or whether any devices were successfully compromised. Apple has yet to respond to TechCrunch’s request for further comment.
One of the vulnerabilities was discovered by security researchers from Google’s Threat Analysis Group, which specializes in investigating cyberattacks often linked to government-backed entities. This raises the possibility that the attacks targeting Apple devices were the result of state-sponsored cyber-operations. Google has not yet provided a statement regarding the discovery.
The first flaw affects Apple’s Core Audio system, a key component responsible for managing audio across Apple products. An attacker could exploit this vulnerability by sending a specially crafted media file to a device. Enabling them to execute malicious code. This type of exploit could have serious consequences, as it would allow unauthorized access to device functions.
The second vulnerability, which Apple discovered internally, allows attackers to bypass pointer authentication, a security measure used to protect the device’s memory from being tampered with. This could make it easier for attackers to inject malicious code into a device, compromising its security.
Apple has released software updates to fix these vulnerabilities in its various devices. The updates include macOS Sequoia 15.4.1 and iOS 18.4.1, which also apply to Apple TV and the Vision Pro mixed-reality headset. These patches are aimed at addressing the security flaws and preventing potential future attacks, ensuring that users are better protected against exploitation.
Although the company has patched these vulnerabilities, the lack of information regarding the scale of the attacks, as well as the possible involvement of government-backed cyber groups, underscores the growing concerns about targeted and sophisticated cyberattacks. Users are encouraged to install the latest updates as soon as possible to safeguard their devices.
