Apple has released a series of updates to address numerous vulnerabilities in its ecosystem, including a critical zero-day flaw in the WebKit browser engine used in Safari. The vulnerability, identified as CVE-2024-23222, has been added to the US Cybersecurity and Infrastructure Security Agency’s list of Known Exploited Vulnerabilities, indicating its potential impact. Apple acknowledged that the issue may have been exploited but provided limited information on the matter. The patch covers a wide range of Apple devices, safeguarding them from potential arbitrary code execution. Alan Bavosa, VP of security products at AppDome, expressed concern over the seriousness of the threat posed by the vulnerability. Previous instances of zero-day flaws in Apple products have often been exploited by spyware companies that supply government customers for surveillance purposes. In a related development, a lawsuit filed by Apple against NSO Group, an Israeli firm associated with the Pegasus malware, advanced in favor of Apple, with a US judge denying NSO’s request to dismiss the case in preference of an Israeli trial. Apple’s complaint alleges violations of the US Computer Fraud and Abuse Act and California’s Unfair Competition Law. NSO has until February 14th to respond to the complaint, and a case management hearing is scheduled for April. Apple has stated its commitment to protecting users from spyware developers.