New Update Apple discloses 2 new zero-days exploited to attack iPhones, Macs

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,600
Apple released emergency security updates to fix two new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 13 exploited zero-days patched since the start of the year.

"Apple is aware of a report that this issue may have been actively exploited," the company revealed in security advisories describing the security flaws.

The bugs were all found in the Image I/O and Wallet frameworks and are tracked as CVE-2023-41064 (discovered by Citizen Lab security researchers) and CVE-2023-41061 (discovered by Apple).

CVE-2023-41064 is a buffer overflow weakness that gets triggered when processing maliciously crafted images, and it can lead to arbitrary code execution on unpatched devices.

CVE-2023-41061 is a validation issue that can be exploited using a malicious attachment to also gain arbitrary code execution on targeted devices.

Apple fixed the zero-days in macOS Ventura 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2 with improved logic and memory handling.

The list of impacted devices is rather extensive, seeing that the two security bugs affect both older and newer models, and it includes:
  • iPhone 8 and later
  • iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Macs running macOS Ventura
  • Apple Watch Series 4 and later
Click to expand...
www.bleepingcomputer.com

Apple discloses 2 new zero-days exploited to attack iPhones, Macs

Apple released emergency security updates to fix two new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 13 exploited zero-days patched since the start of the year.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
  • Thanks
Reactions: Nevi, CyberTech, upnorth and 8 others
CyberTech

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year.

"Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1," the company said in an advisory issued on Wednesday.

The two bugs were found in the WebKit browser engine (CVE-2023-42916 and CVE-2023-42917), allowing attackers to gain access to sensitive information via an out-of-bounds read weakness and gain arbitrary code execution via a memory corruption bug on vulnerable devices via maliciously crafted webpages.

The company says it addressed the security flaws for devices running iOS 17.1.2, iPadOS 17.1.2, macOS Sonoma 14.1.2, and Safari 17.1.2 with improved input validation and locking.

The list of impacted Apple devices is quite extensive, and it includes:
Click to expand...
www.bleepingcomputer.com

Apple fixes two new iOS zero-days in emergency updates

Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
Reactions: vtqhtr413, Gandalf_The_Grey, simmerskool and 1 other person

Similar threads

vtqhtr413
    • +Reputation
    • Like
Security News Apple fixes two new iOS zero-days exploited in attacks on iPhones
Replies
0
Views
1,059
Security News
vtqhtr413
vtqhtr413
Gandalf_The_Grey
    • +Reputation
    • Like
    • Applause
Apple fixes three new zero-days exploited to hack iPhones, Macs
Replies
0
Views
1,137
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
silversurfer
    • Like
    • +Reputation
New Update iOS 15.7.9, iPadOS 15.7.9, macOS 12.6.9 and macOS 11.7.10
Replies
0
Views
512
macOS, iOS & iPadOS
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top