Apple patches 0-day exploited in “extremely sophisticated attack”

Apple has issued a fix for a zero-day vulnerability affecting iPhone models iPhone XS and later, and iPad models iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
The zero-day, tracked as CVE-2023-24201, resides in the operating system’s Webkit browser engine.
According to Apple, the exploit may have already been used in a highly targeted attack on specific individuals with older versions of iOS, but there is no indication of wider abuse.
The fix is included in iOS and iPadOS versions 18.3.2, and Apple urged all users to update promptly, particularly those who are likely targets of well-resourced nation-state attackers or law enforcement.
This escalation in cyber threats to iPhones follows the announcement by Apple late last year that it is discontinuing the iPhone 14 upgrade in mainland China, due to the difficult geopolitical business environment.

Fast Feed