Google and Apple have issued urgent security updates after uncovering zero-day vulnerabilities that were already being used by hackers in real-world attacks, raising concerns about a highly sophisticated cyber campaign that may involve state-backed actors.
Google confirmed on Wednesday that it had patched several security flaws in its Chrome browser, including one vulnerability that was actively exploited before the fix was released. At first, the company did not share technical details about the flaw or the attacks, an unusual move that drew attention from cybersecurity experts.
On Friday, Google updated its advisory and revealed that the vulnerability had been identified jointly by Apple’s security engineering team and Google’s Threat Analysis Group. This group is known for tracking government-linked hackers and mercenary spyware operators, suggesting the attacks were likely carried out by well-resourced and highly skilled actors.
Around the same time, Apple rolled out security updates across its entire ecosystem, including iPhones, iPads, Macs, Apple Watch, Apple TV, Vision Pro, and the Safari browser. In its advisory, Apple said it fixed two serious security flaws affecting iPhones and iPads and acknowledged that it was aware the bugs “may have been exploited in an extremely sophisticated attack against specific targeted individuals” using older versions of iOS.
This wording is typically used by Apple to confirm zero-day exploitation, meaning the vulnerabilities were abused before the company had a chance to patch them. Zero-day attacks are especially dangerous because users remain exposed until updates are installed.
In past incidents, similar attack patterns have been linked to advanced spyware developed by companies such as NSO Group and Paragon Solutions, which have been accused of targeting journalists, activists, and political dissidents. Neither Google nor Apple disclosed how many users were affected in the latest campaign.
Both companies are urging users to update their devices immediately to protect against potential exploitation, as investigations into the scope and origin of the attacks continue.
