Google and Apple have just released a series of software updates to deal with a dangerous cyber attack campaign that is said to have exploited previously unreported security vulnerabilities, also known as zero-day.
According to information from two major technology companies, the number of affected users has not yet been determined.
Recently, Google announced security patches for the Chrome browser, in which it admitted that at least one vulnerability had been actively exploited byhaters before being fixed.
Unlike the usual practice, Google initially did not disclose technical details about this error, the move is often applied in high-risk cases.
On Friday (local time), Google updated more information, saying the vulnerability was discovered by a team of Apple security engineers in collaboration with Google's Threat Analysis Group ( TAG).
TAG is a unit that specializes in monitoring sophisticated cyber attack campaigns, especially government-backed cyber groups and organizations that develop paid-in spying software.
This detail raises suspicions that the attack campaign may be related to state actors.
Along with Google, Apple also released security updates for a series of key products, including iPhone, iPad, Mac, Vision Pro, Apple TV, Apple Watch, and Safari browser.
In the announcement for the iPhone and iPad, Apple confirmed that it has patched two serious vulnerabilities and said it is aware that these vulnerabilities may have been exploited in an extremely sophisticated attack targeting specific individuals, using devices running the iOS version before iOS 26.
This expression is often used by Apple to refer to targeted zero-day attacks, when attackers target identified targets rather than large-scale attacks.
In the past, similar campaigns often involved the use of hacking tools and spying software developed by companies such as NSO Group or Paragon Solutions to track journalists, policy dissidents and human rights activists.
Up to now, neither Apple nor Google have made an official comment on the scope of impact nor the identities of the groups behind the attack.
However, cybersecurity experts warn that in fierce competition, technology corporations are forced to launch new products, features and platforms at an ever-increasingly fast pace. The shortened development cycle has caused security testing to not keep up, creating un detected vulnerabilities. This is also a fertile land for zero-day attacks.
Users need to update the software immediately to minimize the risk of data breaches and theft.
