Apple has released urgent updates across its devices to address two zero-day vulnerabilities that may have been actively exploited in targeted attacks on iOS users. The bugs were previously unknown to Apple and were being used to hack specific individuals.
Though Apple hasn’t disclosed the number of affected users or the identity of the attackers, the company acknowledged that one of the vulnerabilities was discovered by Google’s Threat Analysis Group, which tracks nation-state-backed cyberattacks. This suggests the attacks could have been launched by a government entity, possibly involving spyware or other remote tools.
Details of the Vulnerabilities
- Core Audio Bug: This flaw affects Apple’s Core Audio system, allowing attackers to exploit a malicious audio file to execute harmful code on a device.
- Pointer Authentication Bypass: The second issue lets attackers bypass Apple’s pointer authentication, weakening the defense against malicious code injection.
Updates Released
To fix these vulnerabilities, Apple has rolled out updates:
- macOS Sequoia updated to 15.4.1.
- iOS 18.4.1 released for iPhones and iPads.
- Apple TV and Vision Pro also received the same security patches.