Apple has fixed a actively exploited WebKit bug (CVE-2024-23222) in iOS and macOS. and added a new security feature called Stolen Device Protection.
The bugs (CVE-2023-42916 and CVE-2023-42917) enable sensitive information disclosure and arbitrary code execution.
The three zero days (CVE-2023-41991, CVE-2023-41992 and CVE-2023-41993) impact various versions of macOS, iOS, iPadOS and watchOS.
A new strain of infostealer targeting Macs, known as MetaStealer, is hitting enterprises.
Decipher editors Dennis Fisher and Lindsey O'Donnell-Welch break down a busy news week, including Microsoft's revelations about the theft of its signing key, the Trickbot group sanctions, and some new Apple iOS zero days.