That’s according to a report Friday (Aug. 22) by Dark Reading, which noted this is the latest in a string of zero-day vulnerabilities the company has disclosed this year.
Zero-day vulnerabilities—unknown security flaws in software or hardware—are in many cases spotted first by hackers, quietly exploited and revealed only after the damage is done.
In this case, the report said, Apple was faced with an out-of-bounds write issue which was used in “extremely sophisticated” targeted attacks.
“Processing a malicious image file may result in memory corruption,” the tech giant’s security advisory said. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
Apple said the vulnerability was found by employees and affects iOS, iPadOS and macOS, and it has been addressed with improved bounds checking in the most up-to-date versions of these operating systems.
Dark Reading noted that Apple typically does not offer further technical details of the vulnerability or insights into the exploitation other than to characterize the cyberattacks as sophisticated. The company began using such terminology in some advisories this year, the report said, presumably to denote nation-state threats and spyware activity.
PYMNTS wrote in July about the rise of zero-day attacks recently following a data breach at Salesforce that affected customers of Google, noting that this trend has led to a corresponding rise of a new category of cybersecurity tools.
“They’re AI-first threat prevention platforms that don’t wait for alerts but seek out weak points in code, configurations or behavior, and they take defensive action automatically,” the report said.
For CFOs, it could bring about a “change in cybersecurity economics,” as prevention at this scale could cost less and be more scalable, but only provided that the AI is accurate and accountable.
“The models are only as good as the data being fed to them,” Boost Payment Solutions Chief Technology Officer Rinku Sharma told PYMNTS in an April interview. “Garbage in, garbage out holds true even with agentic AI.”
Research by PYMNTS Intelligence has shown that the share of chief operating officers who said their companies had employed AI-powered automated cybersecurity management systems had climbed from 17% in May 2024 to 55% in August of the same year.