Summary: Apple has announced that it has patched a couple of zero-day bugs on iOS. The company credits Google’s Threat Analysis Group for one of the discoveries. This also suggests that state-sponsored hackers likely used these exploits.
If you’ve been putting off updating your iPhone or iPad, now is not the time to “wait and see.”
Yes, we get it. Installing a system update can be a pain. The download takes forever, it interrupts what you’re doing, and the “Your iPhone will restart” message always seems to pop up right when you actually need to use your phone. But after we learnt about this iOS zero-day vulnerability, you don’t want to ignore this one.
Apple has issued a patch to fix this zero-day vulnerability, which attackers may have already exploited in the wild.
According to Apple, two major vulnerabilities were patched in iOS 18.4.1 and iPadOS 18.4.1. Hackers used both in what Apple described as “an extremely sophisticated attack against specific targeted individuals.” Basically, these attacks have already taken place. It’s not some theoretical vulnerability that could be exploited. Hackers were actively using these exploits to break into devices.
Possible state-sponsored hacking
Apple has credited Google’s Threat Analysis Group with discovering one of the bugs. According to TechCrunch, the group investigates government-backed cyberattacks, which makes it possible that state-sponsored hackers are using these exploits.
Apple discovered one of the bugs in CoreAudio, its behind-the-scenes audio engine. Hackers could abuse it by simply tricking someone into opening a malicious audio file. The other flaw was even more dangerous. Attackers can bypass Pointer Authentication, an iOS security feature that protects memory from tampering. This feature stops bad actors from injecting code into the system. Apple patched both and rolled out updates across its ecosystem, including macOS Sequoia, Apple TV, and Vision Pro.
Keeping yourself safe
Zero-day vulnerabilities like these are especially dangerous because they’re unknown to the vendor and exploited before a fix is available. That’s what makes security updates so crucial. It’s also not just about updating your software. Here are some quick best practices to keep yourself safe.
For starters, don’t click suspicious links in emails, texts, or social DMs even if they look urgent. You’ll also want to avoid downloading files or attachments from unknown senders. Also, stick to the App Store when installing apps. Don’t sideload apps from sketchy sources. Lastly, use strong, unique passwords and enable two-factor authentication wherever possible.
