Apple Releases Updates to Fix Zero-Day Spyware Implant Bug
Apple has released updates for all of its supported Macs and mobile devices running the latest operating system versions. The updates include patches for a security bug that allowed spyware or jailbreak-type software to exploit vulnerabilities. iPhones and iPads on version 16 are updated to iOS 16.3.1 and iPadOS 16.3.1 respectively. Meanwhile, Apple Watches on version 9 go to watchOS 9.3.1, while Macs running Ventura (version 13) are updated to macOS 13.2.1. Macs running Big Sur (version 11) and Monterey (version 12) get an update dubbed Safari 16.3.1. Even tvOS receives an update, though it goes to tvOS 16.3.2.
What is the Zero-Day bug?
The bug, dubbed CVE-2023-23529, was discovered in Apple's WebKit component, which is responsible for processing data fetched from remote web servers to display on Safari and other web-based windows in many other apps. It allows attackers to implant malware invisibly when a user visits a booby-trapped website.
What can be done to prevent the bug?
Apple users can check for the update now: on Macs, go to Apple menu > About this Mac > Software Update; on iDevices, go to Settings > General > Software Update. The update patches the security hole and protects users from attacks that exploit the bug. Apple's official HT201222 Security Updates portal will notify users when patches for older mobile devices are available.
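For anyone responsible for more than one device, the Python below is an added example (not from Apple or the original article) that compares an inventory against the fixed versions listed above, including the Big Sur and Monterey case where the fix arrives as a Safari update rather than an OS update. The inventory records, device names and field names are constructed for illustration.

```python
# Fixed versions as listed in the article, keyed by (platform, OS major version).
# Big Sur (11) and Monterey (12) receive the fix as Safari 16.3.1, so Safari is checked there.
FIXED = {
    ("iOS", 16): ("os", (16, 3, 1)),
    ("iPadOS", 16): ("os", (16, 3, 1)),
    ("watchOS", 9): ("os", (9, 3, 1)),
    ("tvOS", 16): ("os", (16, 3, 2)),
    ("macOS", 13): ("os", (13, 2, 1)),
    ("macOS", 12): ("safari", (16, 3, 1)),
    ("macOS", 11): ("safari", (16, 3, 1)),
}


def parse_version(text):
    """Parse '16.3' or '16.3.1' into a 3-tuple, padding missing parts with 0."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def assess(device):
    """Return 'patched', 'needs-update', 'unknown' or 'no-fix-listed' for one record."""
    os_version = parse_version(device["os_version"])
    rule = FIXED.get((device["platform"], os_version[0]))
    if rule is None:
        return "no-fix-listed"  # major version not covered by the article's list
    component, minimum = rule
    if component == "safari":
        safari = device.get("safari_version")
        if not safari:
            return "unknown"  # inventory lacks the Safari version needed to decide
        current = parse_version(safari)
    else:
        current = os_version
    return "patched" if current >= minimum else "needs-update"


# Constructed sample inventory; names and field layout are hypothetical.
INVENTORY = [
    {"name": "iphone-01", "platform": "iOS", "os_version": "16.3"},
    {"name": "ipad-02", "platform": "iPadOS", "os_version": "16.3.1"},
    {"name": "mac-03", "platform": "macOS", "os_version": "12.6.3", "safari_version": "16.3"},
    {"name": "mac-04", "platform": "macOS", "os_version": "11.7.3"},
    {"name": "iphone-05", "platform": "iOS", "os_version": "15.7.3"},
]

if __name__ == "__main__":
    for device in INVENTORY:
        print(f'{device["name"]:10} {assess(device)}')
```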
Why are Apple mobile devices at risk?
Even non-Apple browsers such as Chrome and Firefox use WebKit on iPhones and iPads, because Apple's App Store rules require all browsers on those devices to use the operating system's own WebKit substrate. Hence, these browsers, too, could potentially be affected by the WebKit bug.
Apple's recent updates for supported devices fix a zero-day bug that could have allowed spyware to exploit vulnerabilities in the system. All users are advised to update their systems to protect themselves from the security hole.