Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Posts
Filter by Categories







[Zero-Day] Update Now: 3 Exploited Apple Flaws

Executive Summary

Apple has rushed to patch three new zero-day vulnerabilities that were actively exploited.

The vulnerabilities affect iOS, iPadOS, macOS, Safari, and watchOS.

These zero-day flaws bring the total number of zero-day bugs discovered in Apple’s software this year to 16.

The vulnerabilities include a certificate validation issue, a security flaw in the Kernel, and a WebKit flaw that could result in arbitrary code execution.

Apple users are advised to update impacted software to the latest versions to patch these actively exploited zero-day vulnerabilities.

Vulnerabilities

The following zero-day vulnerabilities have been identified:

These vulnerabilities are still being analyzed, and their CVSS scores have not been announced yet.

Apple’s Response

Apple has released emergency security updates to address these vulnerabilities.

The updates are available for the following operating systems and devices:

Apple credits Bill Marczak of The Citizen Lab and Maddie Stone of Google’s Threat Analysis Group for discovering and reporting these vulnerabilities.

Other Vulnerabilities of Apple in 2023

The disclosure follows Apple’s resolution of two other zero-day vulnerabilities. These vulnerabilities were exploited as part of a zero-click iMessage exploit chain called BLASTPASS, which was used to deploy the Pegasus spyware.

For more details regarding those recent zero-days, please refer to our news article: Zero-Day Vulnerabilities in iOS and iPadOS.

In total, Apple has patched 16 actively exploited zero-day vulnerabilities in 2023. 8 of them had a CVSS score of 8+, and 3 of them had a CVSS score of 7+.

RECENT BLOG POSTS

PODCASTS

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.