Apple and Google have released several software updates to protect against a hacking campaign targeting an unknown number of their users.
On Wednesday, Google released patches for a handful of security bugs in its Chrome browser. The company noted that one of the bugs was being actively exploited by hackers before it had time to issue a fix. Unusually, Google initially provided no further details. However, on Friday, Google updated its announcement to state that the bug was discovered by Apple’s security engineering team and Google’s own Threat Analysis Group. This group primarily tracks government hackers and mercenary spyware makers, indicating the hacking campaign may have been orchestrated by state-backed actors.
Simultaneously, Apple released security updates for its flagship products. These updates cover iPhones, iPads, Macs, Vision Pro, Apple TV, Apple Watches, and the Safari browser.
According to Apple’s security advisory for iPhones and iPads, the company patched two bugs. Apple stated it was aware that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals using devices with software prior to iOS 26. This language is Apple’s typical way of saying it knows some customers were targeted by hackers exploiting zero-day vulnerabilities. Zero-days are flaws that are unknown to the software maker at the time they are exploited.
Such attacks often involve government hackers using tools and spyware from companies like NSO Group or Paragon Solutions to target journalists, dissidents, and human rights activists. Apple and Google did not immediately respond to a request for comment.