Apple修复了WebKit引擎中的零日漏洞,该漏洞可能被用于针对特定目标的复杂攻击。补丁适用于Mac、iPhone、iPad、Safari和Vision Pro设备。攻击针对运行旧版iOS 17.2之前的设备。苹果未透露攻击者和目标,并拒绝置评。此前二月类似事件无关联。 2025-3-11 20:3:10 Author: techcrunch.com(查看原文) 阅读量:33 收藏
In Brief
Posted:
Apple released patches for a bug that it says “may have been exploited in an extremely sophisticated attack against specific targeted individuals,” citing a report.
The zero-day bug was found in WebKit, the browser engine powering Safari and other apps, and allowed hackers to break out of WebKit’s protective sandbox with “maliciously crafted web content,” per Apple. A sandbox is part of the operating system that, even if compromised, can keep hackers from accessing data in other parts of the system.
The patch was released on Tuesday for Macs, iPhones and iPad, Safari, and its Vision Pro headset.
Contact Us
Do you have more information about Apple vulnerabilities, or cyberattacks against Apple users? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
Apple noted that the attack was exploited against devices running software “before iOS 17.2.”
Neither the hackers nor their targets were disclosed. Apple did not respond to a request for comment.
In February, Apple used the same language — “an extremely sophisticated attack against specific targeted individuals” — for another bug, but there is no evidence the two attacks are connected. Before that February patch, Apple had never used this wording before.
Subscribe for the industry’s biggest tech news
Related
如有侵权请联系:admin#unsafe.sh