Apple issues security fixes for zero-day vulnerabilities

Apple has released emergency security patches for its core products just days after rolling out brand new versions of their operating systems. On Thursday, the company updated iOS/iPadOS 17 and WatchOS 10 with fixes aimed at patching several zero-day vulnerabilities that could leave a device open to a particular form of spyware.

iPhone, iPad, and Apple Watch owners are urged to update their devices with this latest round of security fixes. On your iPhone or iPad, go to Settings, select General, tap Software Updates, and then tap the Update Now button. For an Apple Watch, open the Watch app on your phone. At the My Watch tab, head to General, select Software Update, and install the latest update.

Owners of the new iPhone 15 will find iOS 17.0.2 waiting. Users of older iPhones will jump to iOS 17.0.1. And Apple Watch wearers will install WatchOS 10.0.1.

At its support pages for the iOS/iPadOS updates and the WatchOS update, Apple revealed that the vulnerabilities may have been actively exploited on versions prior to iOS 16.7. The company gave credit for discovering the bugs to Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group.

Through Apple didn’t reveal the nature of the vulnerabilities, both The Citizen Lab and Google’s Threat Analysis Group released their own reports that described the threat to targeted devices.

In a Friday blog post, Google’s Threat Analysis Group explained that Apple’s security updates were issued in response to a zero-day exploit chain being used to install Predator spyware developed by Egyptian commercial surveillance vendor Intellexa. This type of spyware can record audio from regular phone and VoIP audio calls. Predator is also able to gather data from popular chat and calling apps, including WhatsApp, Telegram, and Signal.

The process worked through a man-in-the-middle attack in which a victim tries to visit an http website. With such traffic unencrypted, the attacker can send fake data back to the user to redirect them to an Intellexa website and exploit server. From there, the spyware could be installed without the user having to open any documents, clicking any specific links, or answering any phone calls.

September 25, 2023

Written by Lance Whitney

Click to read the entire article on ZDNet

More Posts

June 4 6pm

It appears that Hostgator has finally resolved the DNS and SSL Certificate issues with all of the domains. While this did not impact the ability

June 1 through 4, 2026

Monday, I had contacted Hostgator about the “Error. Page cannot be displayed. Please contact your service provider for more details.” message that is appearing on

May 26 through 28, 2026

This week I will be preparing for the end of month. I will continue to be working on my online courses. The information from these