Apple announced on Thursday that its latest operating system updates patch three new zero-day vulnerabilities. Based on the previous work of the organizations credited for reporting the flaws, they have likely been exploited by a spyware vendor. The zero-days included a malicious app able to bypass signature verification, a kennel flaw that allows a local attacker to elevate privileges, and a WEBKIT bug that can be exploited for arbitrary code execution by luring the targeted user to a malicious webpage. Apple patched some or all of these vulnerabilities in Safari, iOS and iPadOS (including versions 17 and 16), macOS (including Ventura and Monterey), and watchOS.

Read more: https://www.securityweek.com/apple-patches-3-zero-days-likely-exploited-by-spyware-vendor-to-hack-iphones/