Apple fixes 3 more zero-day security issues
Critical updates to protect Apple users from zero-day attacks
Apple has identified three zero-day vulnerabilities affecting iPhone and Mac that have been exploited by cybercriminals. Affected devices include iPhone 8 and later, iPad mini 5th generation and later, Macs running macOS Monterey or later, and Apple Watch Series 4 and later. The vulnerabilities have been resolved with iOS 16.7, iPadOS 16.7, OS 17.0.1, iPadOS 17.0.1, and Safari 16.6.1 updates.
In an emergency security update, Apple has identified three zero-day vulnerabilities affecting iPhone and Mac that are being actively exploited.
The details of the vulnerabilities
One of the vulnerabilities, identified as CVE-2023-41992, is a flaw found in the Kernel Framework that cybercriminals can exploit to gain elevated privileges. The other two vulnerabilities, identified as CVE-2023-41993 and CVE-2023-41991, are present in the WebKit rendering engine and security framework, respectively. By exploiting these vulnerabilities, cybercriminals can bypass signature validation and achieve arbitrary code execution via malicious web pages, according to Apple's advisory.
Affected devices and fixes
Devices affected by these zero-day vulnerabilities range across older and newer Apple product models, including iPhone 8 and later, iPad mini 5th generation and later, all Macs with macOS Monterey or later, and Apple Watch Series 4 and later . The issues have been resolved in iOS 16.7, iPadOS 16.7, OS 17.0.1, iPadOS 17.0.1, and Safari 16.6.1 versions. Citizen Lab and Google Threat Analysis Group experts Bill Marczak and Maddie Stone first discovered and reported these vulnerabilities.
Extension of attacks and exploitation
While details of the ongoing attacks are still unknown, the vulnerabilities are known to be under active attack. According to the National Vulnerability Database, exploit activity has been reported on older versions of iOS before version 16.7, but the extent of their exploitation is still unknown.
Follow us on WhatsApp for more pills like this09/22/2023 16:35
Editorial AI