Google and Apple have released emergency security updates after discovering vulnerabilities that hackers have already used to launch real attacks on users.
Google and Apple have released emergency security updates after discovering vulnerabilities that hackers have already used to launch real attacks on users.
According to TechCrunch, Google was the first to patch several vulnerabilities in its Chrome browser. The company confirmed that at least one of them was actively exploited before the patch was released. Google later clarified that the bug was discovered by specialists from Apple’s security team together with the Threat Analysis Group. This is a division of Google that specializes in tracking state-owned hacking groups and developers of commercial spyware.
Apple has also released security updates for iPhone, iPad, Mac, Vision Pro, Apple TV, Apple Watch, and Safari. The company said it had patched two critical vulnerabilities, which it said could be used in «extremely sophisticated attacks» against specific targets. The devices were running versions of iOS prior to iOS 26.
Apple traditionally does not disclose details of such incidents, but such terms usually refer to zero-day attacks — when a vulnerability is exploited before the manufacturer knows about it. In previous cases, such attacks have been linked to surveillance tools used by government agencies to hack the smartphones of journalists, activists and human rights defenders.
The companies have not said how many users may have been affected or who may have carried out the attacks, but the involvement of teams specializing in government cyber operations suggests a high level of threat.
Zero-day attacks are considered some of the most dangerous because users are left unprotected until a patch is released. That’s why cybersecurity experts advise installing updates as soon as they become available, even if the system does not signal any critical issues.
Earlier, dev.ua wrote that despite years of updates and hardware protections, Intel processors are again vulnerable to Spectre-class attacks. Researchers from ETH Zurich have discovered a new way to bypass protections, potentially allowing sensitive information to be read from other applications or even from cloud environments.
