Apple fixes three new zero-days exploited to hack iPhones, Macs

Gandalf_The_Grey

Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads.

"Apple is aware of a report that this issue may have been actively exploited," the company revealed in security advisories describing the flaws.

The security bugs were all found in the multi-platform WebKit browser engine and are tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373.

The first vulnerability is a sandbox escape that enables remote attackers to break out of Web Content sandboxes.

The other two are an out-of-bounds read that can help attackers gain access to sensitive information and a use-after-free issue that allows achieving arbitrary code execution on compromised devices, both after tricking the targets into loading maliciously crafted web pages (web content).

Apple addressed the three zero-days in macOS Ventura 13.4, iOS and iPadOS 16.5, tvOS 16.5, watchOS 9.5, and Safari 16.5 with improved bounds checks, input validation, and memory management.

The list of impacted devices is quite extensive, as the bug affects older and newer models, and it includes:
  • iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), iPod touch (7th generation), and iPhone 8 and later
  • iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Macs running macOS Big Sur, Monterey, and Ventura
  • Apple Watch Series 4 and later
  • Apple TV 4K (all models) and Apple TV HD

The company also revealed that CVE-2023-28204 and CVE-2023-32373 (reported by anonymous researchers) were first addressed with the Rapid Security Response (RSR) patches for iOS 16.4.1 and macOS 13.3.1 devices issued on May 1.
 
