Apple patches decade-old iOS zero-day, possibly exploited by commercial spyware

Summary

Apple has patched a decade-old zero-day vulnerability in iOS, impacting all versions since 1.0. The vulnerability was reportedly exploited in a highly sophisticated attack targeting specific individuals, potentially involving commercial spyware.

IFF Assessment

FOE

The disclosure of an actively exploited zero-day vulnerability means attackers already have a working exploit.

Severity

7.8 High (AI Estimated)

Defender Context

Defenders need to ensure all Apple devices are updated to the latest iOS version to mitigate this actively exploited vulnerability. The mention of an "extremely sophisticated attack" and possible commercial spyware suggests a need to monitor for advanced persistent threats (APTs) and review endpoint detection and response (EDR) configurations. The incident also highlights the ongoing threat of zero-day exploits and targeted attacks.
