Apr 11 2023

Apple Fixes Zero Day Vulnerability in iOS And MacOS

Category: Zero dayDISC @ 9:46 am

Apple Fixes Zero Day vulnerabilities for iOS And MacOS devices.

Apple recently released a security update for its iOS and MacOS devices, and fixing zero-day vulnerabilities that could allow cyber attackers to access users’ devices.

The iOS and iPadOS, version 15.7.5, addresses a vulnerability in the iOSurfaceAccelerator and WebKit engine that could allow an app and website to execute arbitrary code with kernel privileges processing maliciously.

Apple notes that this vulnerability has been actively exploited in the wild, making it especially important for users to update their devices as soon as possible.

Meanwhile, the MacOS update, including macOS Big Sur 11.7.6 and macOS Monterey 12.6.5, addressed with improved input validation.

macOS Big Sur 11.7.6

  • CVE-2023-28206

Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved input validation.

iOS 15.7.5 and iPadOS 15.7.5

  • CVE-2023-28206

IOSurfaceAccelerator

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved input validation.

WebKit

  • CVE-2023-28205

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 254797

macOS Monterey 12.6.5

  • CVE-2023-28206

Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved input validation.

Keeping your software up to date is one of the most important things you can do to maintain your Apple product’s security.

  • The latest version of iOS and iPadOS is 16.4.1.
  • The latest version of macOS is 13.3.1.
  • The latest version of tvOS is 16.4.
  • The latest version of watchOS is 9.4.

Note that after a software update is installed for iOS, iPadOS, tvOS, and watchOS, it cannot be downgraded to the previous version.

As always, Apple is urging all users to update their devices to the latest iOS and MacOS as soon as possible to ensure they are protected against these critical security vulnerabilities. Users can download the updates to the iOS device Settings app, and the Software Update section of the System Preferences app on their MacOS device.

Zero-Day Fixes macOS and iOS

The Art of Mac Malware: The Guide to Analyzing Malicious Software


InfoSec Threats
 | InfoSec books | InfoSec tools | InfoSec services

Tags: iOS, macOS Zero-Day