Recently, there has been a noticeable increase in the number of attackers targeting Apple, especially by using zero-day exploits. Among the main reasons why hackers like zero-day exploits so much are because they might just become the most valuable asset in a hacker’s portfolio. As of 2022, Apple has discovered seven zero-day vulnerabilities in its products and has followed up on these discoveries with relevant updates to address these issues. Even so, it seems as though there will not be an end to this classic cat-and-mouse game anytime soon.
During 2021, there were more than double the amount of zero-days recorded, compared to the same year in 2020. This is the highest level since tracking began in 2014, with the number of zero-days increasing every year since then – the trend has been demonstrated by the repository maintained by Project Zero.
As described by the MIT Technology Review, the increase in hacking over the past few years has been attributed to the rapid proliferation of hacking tools globally and the willingness of powerful state and non-state groups to invest handsomely in discovering and infiltrating these operating systems. Threat actors actively search for vulnerabilities and then sell the information about those vulnerabilities to the highest bidder.
Apple has repeatedly been compromised by these attackers. In 2022, Apple, one of the four most dominating IT companies in the world, is advancing into a year where it is welcoming a new year with two zero-day bugs in its operating systems, a WebKit flaw that could have left users’ browsing data vulnerable and after recovering from 12 recorded exploits and remediations in 2021, they have been hit by two zero-day bugs in their operating systems.
The company released 23 security patches less than one month after it discovered these issues. A new flaw was discovered that could be exploited by attackers to exploit a user’s device if certain malicious websites are loaded onto a user’s device, leading to an infection of their device.
Read the full article here