Apple on Friday released security updates for iOS, iPadOS, macOS, and the Safari web browser to address a pair of zero-day flaws that are being exploited in the wild.
The two vulnerabilities are as follows –
- CVE-2023-28205 – A use-after-free issue in WebKit that could lead to arbitrary code execution when processing specially crafted web content.
- CVE-2023-28206 – An out-of-bounds write issue in IOSurfaceAccelerator that could enable an app to execute arbitrary code with kernel privileges.
Apple said it addressed CVE-2023-28205 with improved memory management and the second with better input validation, adding it is aware the bugs “might have been actively exploited.”

Credited with discovering and reporting the flaws are Clément Lecigne of Google’s Threat Analysis Group (TAG) and Donncha Ó Cearbhaill of Amnesty International’s Security Lab.
Details about the two vulnerabilities have been withheld in light of active exploitation and to prevent more threat actors from abusing them.
The updates are available in versions iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1, and Safari 16.4.1. The fixes also span a wide range of devices –
- iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
- Macs running macOS Big Sur, Monterey, and Ventura
Apple has patched three zero-days since the start of the year. In February, Apple addressed another actively exploited zero-day (CVE-2023-23529) in WebKit that could result in arbitrary code execution.
The development also comes as Google TAG disclosed that commercial spyware vendors are leveraging zero-days in Android and iOS to infect mobile devices with surveillance malware.
Some parts of this article are sourced from:
thehackernews.com