On Thursday, Google (GOOGL) announced that its Threat Analysis Group (TAG) discovered three high-severity, zero-day vulnerabilities under exploitation in Google’s browser and Apple’s (AAPL) OSes with lifespans of 48 hours. Apple stated that it was working to improve security vulnerabilities present in Safari engine drive, WebKit, found in its various mobile and PC data systems.
Google and Apple systems attacked by browser-lurking bugs
Researchers have noted that, due to Apple’s updated support for all iOS, macOS, and iPadOS versions, the bug may have been targeted at archaic Apple systems, presenting itself as CVE-2023-42916 and CVE-2023-42917. In a press release, the tech mega-giant stated:
Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
This episode of attacks follows Tuesday’s announcement when Google recognised a zero-day bug masquerading as CVE-2023-6345, which stemmed from an integer outflow targeting user content and processors. According to analysts, Chrome was hit with seven vulnerabilities – including the zero-day bug – meaning that the exploits were already entering user systems before the tech company learned of the breach.
______________________________________________________________________
Don’t miss out the latest news, subscribe to LeapRate’s newsletter
_______________________________________________________________________
Following the attacks, both companies urged their customers to update support systems and web browsers, and to reboot their devices. Thankfully, users will also receive reminders to restart their browsers if they do not do so immediately. A spokesperson from Google noted that the bug resided in a web component called Skia and was reported by TAG’s Benoît Sevens and Clément Lecigne.
