I wonder if LockDown Mode would have helped to block this hole from being exploited in iOS and macOS. And another question is, if this malware would be able to break out of the browser sandbox to elevate priviliges. Too bad they don't mention this stuff. https://www.bleepingcomputer.com/ne...bkit-zero-day-exploited-to-hack-iphones-macs/ https://www.makeuseof.com/how-to-use-lockdown-mode-in-macos-ventura/
Turns out that Apple is now even trying to fool people, because turns out they actually fixed a couple of extra holes as well that could bypass the macOS sandbox. But they decided to keep quiet about it. https://www.trellix.com/en-us/about...ge-escalation-bug-class-on-macos-and-ios.html
More zero days in Safari and iOS/macOS that are actively being exploited: https://www.bleepingcomputer.com/ne...tes-fix-3-new-zero-days-exploited-in-attacks/
It's much broader than that; Android (OS) and Chrome-ish browsers are affected as well: https://blog.isosceles.com/the-webp-0day/
OK I see, I didn't know it was related to this huge hole that affected many apps. I think it's described over here in this article, see link. What's worth mentioning is that this year, Apple had to patch 16 zero day exploits in iOS and macOS that were all being exploited in the wild, especially on iOS as far as they know. https://www.bleepingcomputer.com/ne...hrome-zero-days-exploited-in-spyware-attacks/
