The latest emergency software updates from Google and Apple come as they rush to defend users after a zero-day hacking campaign affected an unspecified number of devices.
On December 10, Google issued patches for several Chrome security flaws, noting that one of the flaws had been exploited in the wild before a fix was available. The company initially offered few details, a departure from its usual practice of sharing more information upfront.
By Friday, Google added that the vulnerability was discovered with input from Apple’s security team and Google’s Threat Analysis Group, whose researchers primarily monitor government-backed actors and mercenary spyware makers. This connection suggests that the ongoing hacking operation may have involved state-sponsored hackers.
Simultaneously, Apple pushed security updates across its range of devices, including iPhones, iPads, Macs, Vision Pro, Apple TV, Apple Watches, and Safari. Apple’s advisory for iPhones and iPads notes that two bugs were patched and warns that the issue may have been exploited in a highly sophisticated attack against specific targeted individuals on devices operating before iOS 26.
Apple’s and Google’s teams did not immediately respond to further inquiries. The two companies issued the updates to bolster protection for users amid a broader debate about the reach and methods of advanced surveillance and hacking efforts.
Background notes: zero-days are flaws that are unknown to developers at the time they’re exploited, which is why rapid patching is critical. In many recent cases, such exploits have been linked to government-backed hacking groups or spyware developers used to target journalists, dissidents, and human rights activists.
About the author: Lorenzo Franceschi-Bicchierai is TechCrunch’s senior writer focusing on hacking, cybersecurity, surveillance, and privacy. You can reach him at lorenzo@techcrunch.com or through secure channels described on his author page.
