Thursday, December 26, 2024
spot_img
HomeeCOMMERCEEcommerce Digital securityApple Releases Updates to Address Zero-Day Flaws in iOS, iPadOS, macOS, and...

Apple Releases Updates to Address Zero-Day Flaws in iOS, iPadOS, macOS, and Safari

Apple Zero-Day

Apple on Friday released security updates for iOS, iPadOS, macOS, and Safari web browser to address a pair of zero-day flaws that are being exploited in the wild.

The two vulnerabilities are as follows –

  • CVE-2023-28205 – A use after free issue in WebKit that could lead to arbitrary code execution when processing specially crafted web content.
  • CVE-2023-28206 – An out-of-bounds write issue in IOSurfaceAccelerator that could enable an app to execute arbitrary code with kernel privileges.

Apple said it addressed CVE-2023-28205 with improved memory management and the second with better input validation, adding it’s aware the bugs “may have been actively exploited.”

cybersecurity

Credited with discovering and reporting the flaws are Cl?ment Lecigne of Google’s Threat Analysis Group (TAG) and Donncha ? Cearbhaill of Amnesty International’s Security Lab.

Details about the two vulnerabilities have been withheld in light of active exploitation and to prevent more threat actors from abusing them.

The updates are available in version iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1, and Safari 16.4.1. The fixes also span a wide range of devices –

  • iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Macs running macOS Big Sur, Monterey, and Ventura

Apple has patched three zero-days since the start of the year. In February, Apple addressed another actively exploited zero-day (CVE-2023-23529) in WebKit that could result in arbitrary code execution.

The development also comes as Google TAG disclosed that commercial spyware vendors are leveraging zero-days in Android and iOS to infect mobile devices with surveillance malware.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

 

Post Disclaimer

The information provided in our posts or blogs are for educational and informative purposes only. We do not guarantee the accuracy, completeness or suitability of the information. We do not provide financial or investment advice. Readers should always seek professional advice before making any financial or investment decisions based on the information provided in our content. We will not be held responsible for any losses, damages or consequences that may arise from relying on the information provided in our content.

RELATED ARTICLES

Most Popular

Recent Comments

error: Content is protected !!