Apple patches info-stealing, zero day bugs in iPads and Macs

Clement Lecigne of Google’s Threat Analysis Group (TAG) was credited for discovering and reporting the flaws.

Apple did not share the exact nature of the exploits discovered in the wild. “For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available,” Apple said.

The patches dubbed iOS 17.1.2, iPadOS 17.1.2, and Safari 17.1.2, have been released for a range of Apple devices suspected of carrying these vulnerabilities.

Webkit serves as a lucrative attack surface

Apple restricts third-party web browsers including Google Chrome, Mozilla Firefox, Microsoft Edge, and others, to use any other browser engine than Webkit which makes it the prime target for attackers looking to infect Apple devices.

A new proof of concept (PoC) exploit published recently has been demonstrated by a group of US and German university professors to steal sensitive user data from Apple devices by improving on side channel attack techniques used by Spectre and MeltDown, which alarmed CISOs when the vulnerabilities first surfaced in 2018.

Apple has had a busy year of patches with several bugs in its devices being exploited in the wild. Earlier in June, the company patched a couple of remote code execution (RCE) zero days that were allegedly exploited under a digital spy campaign, Operation Triangulation.