Apple fixes new security flaw used in ‘extremely sophisticated attack’

Apple released patches for a bug that it says “may have been exploited in an extremely sophisticated attack against specific targeted individuals,” citing a report.

The zero-day bug was found in WebKit, the browser engine powering Safari and other apps, and allowed hackers to break out of WebKit’s protective sandbox with “maliciously crafted web content,” per Apple. A sandbox is part of the operating system that, even if compromised, can keep hackers from accessing data in other parts of the system. 

The patch was released on Tuesday for Macs, iPhones and iPad, Safari, and its Vision Pro headset.

Apple noted that the attack was exploited against devices running software “before iOS 17.2.”

Neither the hackers nor targets were disclosed. Apple did not respond to a request for comment. 

In February, Apple used the same language — “an extremely sophisticated attack against specific targeted individuals” — for another bug, but there is no evidence the two attacks are connected. Before that February patch, Apple had never used this wording before.