Lorenzo Franceschi-Bicchierai

NEW: Apple published today a new version of iOS that fixed a zero-day exploited in the wild.

There's no details of who was using it, but the company thanked an anonymous researcher for reporting the bug, and Citizen Lab for "their assistance. đź‘€

The bug is in WebKit, which is historically a popular target for hackers. Since January of last year there have been nine bugs in iOS that “may have been actively exploited” in the wild, of which four in WebKit, according to our count.

https://techcrunch.com/2023/02/13/apple-releases-new-fix-for-iphone-zero-day-exploited-by-hackers/

TechCrunch is part of the Yahoo family of brands

Feb 13, 2023 at 10:30pmWeb
Show threadLorenzo Franceschi-BicchieraiFeb 15, 2023
I should have included this in the story. It's important to note that EVERY browser on iOS runs on WebKit. Switching to Chrome or Firefox won't make you safer.
Show threadChristina WarrenFeb 15, 2023
@lorenzofb I was very proud our IT Slackbot sent me a message telling me to update all my devices yesterday.
Show threadGuillaume RossFeb 15, 2023

@lorenzofb Some updating macOS are experiencing issues rebooting and being forced into recovery mode. In the wild exploited safari RCE is a bad time to have a flaky update 🥺

Wonder if 13.2.2 is gonna happen soon.

Show threadalCoPaULFeb 14, 2023
@lorenzofb it can stall the video player of youtube app and any safari rendered video and if you play mp3 files in the Files folder while your phone is in this state, it will stop/reset asap and won't play the song. the temporary solution was to only turn off and on your phone. likely they transmit it via bluetooth, wifi or airplay/airdrop.