Apple has released new software updates throughout its product line to fix two security vulnerabilities. The company said it could be actively used to hack customers iOS running mobile software.
A security advisory posted to the website confirmed that Apple has fixed two zero-day vulnerabilities.
Bugs are considered zero days. Because they are misused and are not known to Apple.
It remains to be seen who is behind the attack, how many Apple customers were targeted, or what was successfully breached. An Apple spokesman did not return a TechCrunch investigation.
Apple has confirmed the discovery of one of two bugs for security researchers working at Google’s threat analysis group, which investigates government-sponsored cyberattacks. This could indicate that an attack targeting Apple customers has been launched or coordinated by a national or government agency. Some government-sponsored cyberattacks are known to involve the use of remotely planted spyware and other phone unlock devices.
A Google spokesman did not immediately comment when TechCrunch reached it.
Apple said one of the bugs will affect Apple’s core audio. It is a system-level component that Apple uses in a variety of products to allow developers to interact with device audio. Apple said that bugs could be exploited by handling audio streams with malicious media files that can run malicious code on malicious Apple devices.
Another bug that Apple has only made its own achievement for discovery allows attackers to bypass Pointer authentication. This is a security feature that Apple uses in its software, making it more difficult for an attacker to corrupt malicious code or inject malicious code into the memory of the device.
Apple released a software update for MacOS Sequoia, bumped the software version to 15.4.1, and released iOS 18.4.1, fixing security bugs on iPhone and iPad. Apple TV and its mixed Reality Headset Vision Pro also received the same security update.