Apple Fixes Zero Day vulnerabilities for iOS And MacOS devices.
Apple recently released a security update for its iOS and MacOS devices, and fixing zero-day vulnerabilities that could allow cyber attackers to access users’ devices.
The iOS and iPadOS, version 15.7.5, addresses a vulnerability in the iOSurfaceAccelerator and WebKit engine that could allow an app and website to execute arbitrary code with kernel privileges processing maliciously.
Apple notes that this vulnerability has been actively exploited in the wild, making it especially important for users to update their devices as soon as possible.
Meanwhile, the MacOS update, including macOS Big Sur 11.7.6 and macOS Monterey 12.6.5, addressed with improved input validation.
macOS Big Sur 11.7.6
- CVE-2023-28206
Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved input validation.
iOS 15.7.5 and iPadOS 15.7.5
- CVE-2023-28206
IOSurfaceAccelerator
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved input validation.
WebKit
- CVE-2023-28205
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A use after free issue was addressed with improved memory management.
WebKit Bugzilla: 254797
macOS Monterey 12.6.5
- CVE-2023-28206
Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved input validation.
Keeping your software up to date is one of the most important things you can do to maintain your Apple product’s security.
- The latest version of iOS and iPadOS is 16.4.1.
- The latest version of macOS is 13.3.1.
- The latest version of tvOS is 16.4.
- The latest version of watchOS is 9.4.
Note that after a software update is installed for iOS, iPadOS, tvOS, and watchOS, it cannot be downgraded to the previous version.
As always, Apple is urging all users to update their devices to the latest iOS and MacOS as soon as possible to ensure they are protected against these critical security vulnerabilities. Users can download the updates to the iOS device Settings app, and the Software Update section of the System Preferences app on their MacOS device.
The Art of Mac Malware: The Guide to Analyzing Malicious Software
InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services