AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Apple fixes 3 more zero-day security issues

Critical updates to protect Apple users from zero-day attacks

Apple has identified three zero-day vulnerabilities affecting iPhone and Mac that have been exploited by cybercriminals. Affected devices include iPhone 8 and later, iPad mini 5th generation and later, Macs running macOS Monterey or later, and Apple Watch Series 4 and later. The vulnerabilities have been resolved with iOS 16.7, iPadOS 16.7, OS 17.0.1, iPadOS 17.0.1, and Safari 16.6.1 updates.

This pill is also available in Italian language

In an emergency security update, Apple has identified three zero-day vulnerabilities affecting iPhone and Mac that are being actively exploited.

The details of the vulnerabilities

One of the vulnerabilities, identified as CVE-2023-41992, is a flaw found in the Kernel Framework that cybercriminals can exploit to gain elevated privileges. The other two vulnerabilities, identified as CVE-2023-41993 and CVE-2023-41991, are present in the WebKit rendering engine and security framework, respectively. By exploiting these vulnerabilities, cybercriminals can bypass signature validation and achieve arbitrary code execution via malicious web pages, according to Apple's advisory.

Affected devices and fixes

Devices affected by these zero-day vulnerabilities range across older and newer Apple product models, including iPhone 8 and later, iPad mini 5th generation and later, all Macs with macOS Monterey or later, and Apple Watch Series 4 and later . The issues have been resolved in iOS 16.7, iPadOS 16.7, OS 17.0.1, iPadOS 17.0.1, and Safari 16.6.1 versions. Citizen Lab and Google Threat Analysis Group experts Bill Marczak and Maddie Stone first discovered and reported these vulnerabilities.

Extension of attacks and exploitation

While details of the ongoing attacks are still unknown, the vulnerabilities are known to be under active attack. According to the National Vulnerability Database, exploit activity has been reported on older versions of iOS before version 16.7, but the extent of their exploitation is still unknown.

Follow us on WhatsApp for more pills like this

09/22/2023 16:35

Editorial AI

Complementary pills

Apple addresses zero-day vulnerabilities exploited in recent spyware attackClosing the door on surveillance: Apple's quick response to zero-days exploited in spyware attack

Last pills

Cyber attack in Indonesia: the new Brain Cipher ransomware brings services to their kneesNew ransomware hits Indonesia: learn how Brain Cipher crippled essential services and the techniques used by hackers

Patelco Credit Union: security incident halts customer services in CaliforniaService disruption and customer frustration: Patelco Credit Union works to resolve security incident

Cyber attack on TeamViewer: immediate response and investigations underwayStrengthened security measures and international collaborations to counter the cyber threat

Polyfill JS supply chain attack: what happenedA detailed analysis of the cyber attack that compromised a library essential for JavaScript compatibility in browsers