Apple is rolling out new security updates to protect users against spyware attacks targeting critical weaknesses in its platforms.
iOS and macOS customers are being treated to a plurality of updates, each packing multiple fixes for newly-discovered security holes.
Two of those weaknesses, tracked as CVE-2023-32434 and CVE-2023-32435, have allegedly been used in spyware attacks since 2019, according to Kaspersky researchers who discovered and relayed the issues to Cupertino.
The flaws have been used in targeted attacks via iMessage, without requiring interaction from the victim, in what is known as a zero-click exploit. The Russian security outlet dubbed the hacking campaign “Operation Triangulation.”
According to the firm, even some iPhones on its network were infected with spyware via iMessage zero-click exploits, BleepingComputer reports.
A third zero-day flaw, tracked as CVE-2023-32439, is also patched in this round of updates. Apple credits an anonymous researcher for this finding, and claims that this issue may have been actively exploited as well.
iOS 15.7.7 fixes the threat for iPhone 6s, iPhone 7, iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) .
iOS 16.5.1 includes patches for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
On the desktop front, users are offered the precious fixes as part of macOS Big Sur 11.7.8, macOS Monterey 12.6.7, and macOS Ventura 13.4.1.
The full list of security fixes can be found on Apple’s Support site.
While most attacks on Apple platforms are highly targeted, it’s important that everyone stay on the safe side and patch as soon as possible.
Android devices are also targeted by spyware-wielding threat actors.
Both iPhone and Android users should consider deploying a dedicated security solution to stay safe from online threats at all times.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsDecember 24, 2024
December 19, 2024
November 14, 2024