Apple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware.
The updates, which were issued yesterday and should be installed as soon as possible if not already, address as many as three CVE-listed flaws. We’ve just learned today that the Predator spyware sold by Intellexa used these vulnerabilities to infect at least one target’s iPhone.
The bugs are:
- CVE-2023-41991: According to Apple, “a malicious app may be able to bypass signature validation,” and was fixed by correcting “a certificate validation issue.”