Apple has recently released security updates for several of its products, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari. These updates address some vulnerabilities, but most importantly, three zero-day exploits (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373) that affect Apple WebKit, the web browser engine used by Safari and other default browsers on iOS devices.
According to Apple, these vulnerabilities “may have been actively exploited” by attackers to break out of the Web Content sandbox, disclose sensitive information, or execute arbitrary code when processing malicious web content. The company credited Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab for reporting one of the zero-days (CVE-2023-32409), while an anonymous researcher reported the other two.
Apple did not provide any details about the nature or scope of the attacks, but such zero-days have been historically used by sophisticated threat actors to target dissidents, journalists, human rights activists, and other high-profile individuals. This is why it is highly recommended that users of Apple devices update their software as soon as possible to mitigate the risk of compromise.
The latest updates are available for the following devices and operating systems:
– iOS 16.5 and iPadOS 16.5 – iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
– iOS 15.7.6 and iPadOS 15.7.6 – iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
– macOS Ventura 13.4 – macOS Ventura
– tvOS 16.5 – Apple TV 4K (all models) and Apple TV HD
– watchOS 9.5 – Apple Watch Series 4 and later
– Safari 16.5 – macOS Big Sur and macOS Monterey
This is not the first time that Apple has patched several actively exploited zero-days this year. In February, the company fixed a WebKit flaw (CVE-2023-23529) that could lead to remote code execution. In April, it issued fixes for two vulnerabilities (CVE-2023-28205 and CVE-2023-28206) that allowed for code execution with elevated privileges.
Apple users should always keep their devices updated with the latest security patches to protect themselves from potential threats.
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Photo by seth schwiet on Unsplash.
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp