Apple patches decade-old iOS zero-day, possibly exploited by commercial spyware

Original link: https://www.theregister.com/2026/02/12/apple_ios_263/

Apple recently released iOS 26.3 to fix a critical zero-day vulnerability (CVE-2026-20700) in dyld, its dynamic linker. The flaw affects every iOS version since the first release. Discovered by Google's Threat Analysis Group, it allows an attacker who already has memory write capability to execute arbitrary code, in effect handing them control of the device. Apple confirmed that the flaw has been actively exploited in "extremely sophisticated attacks" against specific individuals, possibly as part of a larger exploit chain. The attack combines the dyld flaw with WebKit vulnerabilities to create a "zero-click" path to full device control. Security experts liken dyld to a security "doorman", and this flaw bypasses critical security checks. The level of sophistication is reminiscent of exploits developed by the commercial spyware industry, such as those behind Pegasus and Predator. Although the update also addresses other bugs, the dyld/WebKit chain is the most significant threat fixed in iOS 26.3.

Apple recently released a patch for a "zero-day" vulnerability that has existed in iOS for a decade, meaning that Apple was unaware of the flaw before a fix became available and that it may already have been exploited. The flaw may have been exploited by commercial spyware, raising concerns about device security. The Hacker News discussion clarifies that "zero-day" refers to a vulnerability unknown to the vendor. Users question the scope of the update, noting that it may not cover all devices (for example older iPads or devices running older iOS versions), and express frustration at having to upgrade older hardware. Some commenters stress the inherent difficulty of producing bug-free software and praise Apple's security record relative to Android vendors, while others point to open-source options such as GrapheneOS. The flaw appears to require user interaction to exploit and is not a simple lock-screen bypass, although physical access may aid exploitation.

Original article

Apple patched a zero-day vulnerability affecting every iOS version since 1.0, used in what the company calls an "extremely sophisticated attack" against targeted individuals.

CVE-2026-20700, discovered by Google's Threat Analysis Group, affects dyld - Apple's dynamic linker - and allows attackers with memory write capability to execute arbitrary code. Apple said the flaw was exploited in the wild and may have been part of an exploit chain.

Its advisory stated: "An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26."

Google's researchers also referenced two December vulnerabilities in their report that both carry 8.8 CVSS scores.

CVE-2025-14174 is an out-of-bounds memory access flaw in Google Chrome's ANGLE graphics engine on Mac that could be exploited through a malicious webpage.

The other, CVE-2025-43529, is a use-after-free leading to code execution.

Brian Milbier, deputy CISO at Huntress, said: "Think of dyld as the doorman for your phone. Every single app that wants to run must first pass through this doorman to be assembled and given permission to start.

"Usually, the doorman checks credentials and places apps in a high-security 'sandbox' where they can't touch your private data. This vulnerability allows an attacker to trick the doorman into handing over a master key before security checks even begin."

By chaining this with WebKit flaws Apple also addressed in the iOS 26.3 update, "attackers have created a 'zero-click' or 'one-click' path to total control. They use a fake ID to bypass the front gate – your browser – and then exploit the doorman's flaw to take over the entire building," Milbier added.

"This level of sophistication resembles other exploits developed by the commercial surveillance industry. These are private companies that also developed prominent spyware tools like Pegasus and Predator. They sell these types of exploits or tools to government clients. While some updates in this patch address minor issues, such as data leakage from physical access, the dyld/WebKit chain is in a different league. iOS 26.3 closes a door that has been unlocked for over a decade."

Apple's updates for iOS and iPadOS also feature a host of other fixes for various bugs, including flaws that grant root access and disclose sensitive user information, but CVE-2026-20700 is the only one it said was exploited in the wild. ®
