Apple users have been issued an urgent warning or “zero-day alert” for iPhones, iPads and MacBooks, as the company has discovered “system vulnerabilities.”
Shelly Palmer, a tech consultant, said in an email to subscribers that a “zero-day alert” is “geekspeak for system vulnerabilities serious enough to warrant a software update.”
He urged anyone with one of three Apple devices to immediately update.
“I just updated my iPhone, MacBooks, and iPads – you should, too.”
“For my geekiest readers: the identified vulnerabilities are particularly concerning because they affect WebKit, the rendering engine used for all third-party web browsers on iOS and iPadOS, including popular ones like Google Chrome, Mozilla Firefox, and Microsoft Edge.”
“Apple’s restriction – ‘Apps that browse the web must use the appropriate WebKit framework and WebKit JavaScript’ – makes WebKit a particularly inviting target.”
“For normal people: Do not put this off. Go to the settings menu on all your Apple devices and update your software ASAP.”
“You know the cliche: ‘Security is a lot like oxygen. You don’t miss it until it isn’t there.’”
Securityaffairs.com, a tech security website, explained the weak spots in more detail, saying the “flaws are actively exploited in attacks in the wild.” The first issue was one where users can be tricked into visiting “specially crafted web content to disclose sensitive information.”
The second issue was related to memory corruption, where users can be tricked into visiting “specially crafted web content to potentially execute arbitrary code on the impacted devices.”
Apple addressed these with improved input validation (for the first one) and improved locking (for the second one).
Securityaffairs.com noted that “Clément Lecigne of Google’s Threat Analysis Group discovered both vulnerabilities.”
“The fact that the issues were discovered by Google TAG suggests they were exploited by a nation-state actor or by a surveillance firm.”
The following software updates addressed the flaws:
- iOS 17.1.2
- iPadOS 17.1.2
- macOS Sonoma 14.1.2
- Safari 17.1.2
The following devices were affected:
- iPhone XS and later
- iPad Pro 12.9-inch 2nd Gen and later
- iPad Pro 10.5-inch
- iPad Pro 11-inch 1st Gen and later
- iPad Air 3rd Gen and later
- iPad 6th Gen and later
- iPad Mini 5th Gen
- Macs running macOS Monterey, Ventura, and Sonoma