September 22, 2023 | Apple has patched three zero-day vulnerabilities actively exploited in the wild, bringing the total fixed zero-days this year to 16. Security researchers believe commercial spyware vendors are behind the attacks. The vulnerabilities were reported by Bill Marczak of The Citizen Lab and Maddie Stone of Google’s Threat Analysis Group. The fact that many of these vulnerabilities were discovered by groups that focus on state-sponsored and high-level cyber-espionage campaigns suggests that Apple devices are being targeted in sophisticated attacks against high-profile individuals. The zero-days patched include vulnerabilities in WebKit browser, Security Framework, and Kernel Framework. The use of zero-day vulnerabilities by commercial spyware vendors is on the rise, and the exposure of these vulnerabilities raises the cost of doing business for them. Apple’s new Rapid Security Response (RSR) model separates critical security patches from functional updates, allowing the company to address vulnerabilities more quickly and efficiently.