Apple's Zero-Day Woes Continue
Two new bugs in macOS and iOS disclosed this week add to the growing list of zero-days the company has rushed to patch over the past year.
A 0-Day is a software vulnerability without an available fix, creating risk because defenders have limited time to mitigate exploitation.
Search across headline titles and summaries.
Background for this topic.
0-Day describes a software vulnerability unknown to the software maker or unpatched when first exploited. Attackers can use these flaws immediately, as no official fix or signature exists to block the exploit. Such vulnerabilities often affect widely deployed software or hardware, making them valuable for targeted attacks or widespread campaigns.
Because defenders lack patches or reliable detection signatures initially, they must rely on anomaly detection, network monitoring, and threat intelligence to identify suspicious activity linked to 0-day exploits. Rapid patching once a fix is released is critical to reduce exposure. Tracking emerging 0-day threats helps prioritize defensive measures and informs risk management decisions in environments where unpatched vulnerabilities pose significant security risks.
Two new bugs in macOS and iOS disclosed this week add to the growing list of zero-days the company has rushed to patch over the past year.
Apple on Thursday rolled out emergency patches to address two zero-day flaws in its mobile and desktop operating systems that it said may have been exploited in the wild
More Apple zero-days - mobile devices, laptops and desktops affected. Update now!
The exploit requires a specific nonstandard configuration to work, limiting the danger it poses, but future research could turn up more broadly usable attacks.
Apple has released security updates on Thursday to address two zero-day vulnerabilities exploited by attackers to hack iPhones, iPads, and Macs. [...]
The maintainers of Spring Framework have released an emergency patch to address a newly disclosed remote code execution flaw that, if successfully exploited, could allow an unauthenticated attacker to take control of a targeted system
Spring released emergency updates to fix the 'Spring4Shell' zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released. [...]
Latest episode - listen now!
A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework shortly after a Chinese security researcher briefly leaked a proof-of-concept (PoC) exploit on GitHub before deleting their account
A proof-of-concept exploit allows remote compromises of Spring Web applications.
A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, allowing unauthenticated remote code execution on applications. [...]
The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine.
An interactive static analyzer gives developers information on potential risks arising from user inputs while they code. This could be a game-changer.
New vulnerability study shows how "attacker economies of scale" have shaped the risk landscape.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies to patch a Google Chome zero-day and a critical Redis vulnerability actively exploited in the wild within the next three weeks. [...]
Researchers find a spike in zero-day exploits and faster exploitation speeds in 2021
CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!