Apple Addresses Three Zero-Day Vulnerabilities Actively Exploited by Attackers
Apple has released an emergency software update to patch three zero-day vulnerabilities that were actively exploited by malicious actors. These vulnerabilities affected the Safari browser as well as software platforms for Apple Watch, iPhone, iPad, and Mac computers.
The first vulnerability, assigned CVE-2023-41991, was related to Security Framework tools and allowed for “bypassing signature checks.” The second, identified as CVE-2023-41992, was a flaw in the Kernel Framework’s protection, which could be leveraged for privilege escalation within the system. Finally, the third vulnerability, CVE-2023-41993, resided in the WebKit browser engine and permitted the “execution of arbitrary code through malicious web pages.”
These vulnerabilities impacted a broad range of Apple devices, including iPhone 8 and later models, iPad mini 5th generation and later, Apple Watch Series 4 and later, as well as Mac computers running macOS Monterey and later. The software flaws have been addressed in updates such as iOS 16.7, iOS 17.0.1, iPadOS 16.7, iPadOS 17.0.1, macOS Monterey 12.7, macOS Ventura 13.6, watchOS 9.6.3, watchOS 10.0.1, and Safari 16.6.1.
The security vulnerabilities in Apple’s software were discovered by Bill Marczak of Citizen Lab at the University of Toronto, Canada, and Maddie Stone from Google’s Threat Analysis Group.
- I'm Vasyl Kolomiiets, a seasoned tech journalist regularly contributing to global publications. Having a profound background in information technologies, I seamlessly blended my technical expertise with my passion for writing, venturing into technology journalism. I've covered a wide range of topics including cutting-edge developments and their impacts on society, contributing to leading tech platforms.
- Troubleshooting15/11/2023Intel Fixes Critical Vulnerability Affecting All Processors – CVE-2023-23583
- Business15/11/2023Google Pays $8 Billion to Samsung for Default ‘Play Market’ and Search in Galaxy Devices
- Technology04/11/2023North Korea Upgrades Mobile Networks with Huawei Equipment Imports
- Technology03/11/2023Chinese Scientists Invent Passive Saltwater Cooler, Boosts CPU Speed by a Third