The bugs were discovered in two common open-source libraries, webp and libvpx, which are widely integrated into browsers, apps and phones to process images and videos.
When reached for comment, a Microsoft spokesperson declined to say if its products had been exploited in the wild, or if the company has the ability to know.
Security researchers at Citizen Lab said in early September that they had discovered evidence that NSO Group customers, using the company’s Pegasus spyware, had exploited a vulnerability found in the software of an up-to-date and fully-patched iPhone.
According to Citizen Lab, the bug in the vulnerable webp library that Apple integrates in its products was exploited without requiring any interaction from the device owner — a so-called zero-click attack.
Apple rolled out security fixes for iPhones, iPads, Macs and Watches, and acknowledged the bug may have been exploited by unknown hackers.
Google rolled out an update to fix the vulnerable libvpx bug integrated into Chrome soon after.
The original article contains 485 words, the summary contains 161 words. Saved 67%. I'm a bot and I'm open source!