iOS, macOS, Safari, and More Vulnerable

by crpt os


Sep 22, 2023 | THN | Zero Day / Vulnerability

Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16.

The list of security vulnerabilities is as follows –

  • CVE-2023-41991 – A certificate validation issue in the Security framework that could allow a malicious app to bypass signature validation.
  • CVE-2023-41992 – A security flaw in Kernel that could allow a local attacker to elevate their privileges.
  • CVE-2023-41993 – A WebKit flaw that could result in arbitrary code execution when processing specially crafted web content.

Apple did not provide additional specifics barring an acknowledgement that the “issue may have been actively exploited against versions of iOS before iOS 16.7.”

The updates are available for the following devices and operating systems –

  • iOS 16.7 and iPadOS 16.7 – iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • iOS 17.0.1 and iPadOS 17.0.1 – iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later
  • macOS Monterey 12.7 and macOS Ventura 13.6
  • watchOS 9.6.3 and watchOS 10.0.1 – Apple Watch Series 4 and later
  • Safari 16.6.1

Credited with discovering and reporting the shortcomings are Bill Marczak of the Citizen Lab at the University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group (TAG), indicating that they may have been abused as part of highly-targeted spyware attacks aimed at civil society members who are at heightened risk of cyber threats.

The disclosure comes two weeks after Apple resolved two other actively exploited zero-days (CVE-2023-41061 and CVE-2023-41064) that have been chained as part of a zero-click iMessage exploit chain named BLASTPASS to deploy a mercenary spyware known as Pegasus.

This was followed by both Google and Mozilla shipping fixes to contain a security flaw (CVE-2023-4863) that could result in arbitrary code execution when processing a specially crafted image.

There is evidence to suggest that both CVE-2023-41064, a buffer overflow vulnerability in Apple’s Image I/O image parsing framework, and CVE-2023-4863, a heap buffer overflow in the WebP image library (libwebp), could refer to the same bug, according to Isosceles founder and former Google Project Zero researcher Ben Hawkes.

Rezilion, in an analysis published Thursday, revealed that the libwebp library is used in several operating systems, software packages, Linux applications, and container images, highlighting that the scope of the vulnerability is much broader than initially assumed.

“The good news is that the bug seems to be patched correctly in the upstream libwebp, and that patch is making its way to everywhere it should go,” Hawkes said. “The bad news is that libwebp is used in a lot of places, and it could be a while until the patch reaches saturation.”
