Introduction
Apple has urgently released security updates to address a critical vulnerability, which it warns "may have been exploited in an extremely sophisticated attack against specific targeted individuals."
Vulnerability Details
The security flaw, a zero-day vulnerability, was discovered in WebKit, the browser engine that powers Apple's Safari browser and many other applications. According to Apple, attackers used "maliciously crafted web content" to break out of WebKit's protective sandbox. Sandboxing normally confines an attacker even after a successful breach, preventing access to other parts of the system. This vulnerability let attackers escape those restrictions, potentially exposing sensitive user data.
Affected Devices
The company issued the updates on Tuesday for Macs, iPhones, iPads, Safari, and its Vision Pro headset, and specifically highlighted devices running software versions earlier than iOS 17.2 as vulnerable.
Apple has not publicly identified the attackers or their victims, and the company declined to comment further when asked.
Historical Context
Notably, Apple used identical language—"an extremely sophisticated attack against specific targeted individuals"—in February when disclosing a similar but apparently unrelated vulnerability. Prior to February, Apple had never employed this phrasing, signaling a possible increase in the complexity and severity of cyber threats targeting its users.