Microsoft today released software updates, including patches for two zero-day flaws that have previously been used to exploit two zero-day vulnerabilities, to close at least fifty security weaknesses in Windows and related products. Additionally, users of Adobe, Google Chrome, and Apple iOS may need to perform their own zero-day patching. The exploit, according to Citizen Lab, makes advantage of malicious photos delivered through iMessage, a built-in feature of Apple’s iOS that has previously been the cause of zero-click vulnerabilities in iPhones and iPads.
On September 7, Citizen Lab researchers issued a warning after observing active exploitation of a “zero-click,” zero-day vulnerability to secretly install spyware on iOS devices. “Without the involvement of the user, the attack chain was capable to compromise iPhones running the most recent version of iOS.