Apple on Thursday released security updates for its operating systems to patch dozens of vulnerabilities that could expose iPhones and Macs to hacker attacks, including three zero-days affecting the WebKit browser engine.
Two of the actively exploited vulnerabilities, CVE-2023-28204 and CVE-2023-32373, have been reported to the tech giant by an anonymous researcher. Their exploitation can lead to sensitive information disclosure and arbitrary code execution if the attacker can trick the targeted user into processing specially crafted web content — this includes luring them to a malicious site.
By infosecbulletin
/ Tuesday , February 18 2025
Indian government and educational websites, along with reputable financial brands, have experienced SEO poisoning, causing user traffic to be redirected...
Read More
By infosecbulletin
/ Tuesday , February 18 2025
The Cyber Threat Intelligence Unit of BGD e-GOV CIRT has found 600 vulnerable PRTG instances in Bangladesh, affected by the...
Read More
By infosecbulletin
/ Monday , February 17 2025
Amazon Web Services (AWS) has been named in an FIR after a builder claimed damages to the tune of Rs...
Read More
By infosecbulletin
/ Monday , February 17 2025
CISA has issued an urgent warning about a critical zero-day vulnerability in Apple iOS and iPadOS, known as CVE-2025-24200, which...
Read More
By infosecbulletin
/ Monday , February 17 2025
A major IoT data breach has exposed 2.7 billion records, including Wi-Fi network names, passwords, IP addresses, and device IDs....
Read More
By infosecbulletin
/ Sunday , February 16 2025
A serious authentication bypass vulnerability in SonicWall firewalls, called CVE-2024-53704, is currently being exploited, according to cybersecurity firms. The increase...
Read More
By infosecbulletin
/ Sunday , February 16 2025
AMD has released security patches for two high-severity vulnerabilities in its System Management Mode (SMM). If exploited, these could let...
Read More
By infosecbulletin
/ Sunday , February 16 2025
Lazarus Group has initiated a complex global campaign aimed at software developers and cryptocurrency users. Operation Marstech Mayhem uses the...
Read More
By infosecbulletin
/ Saturday , February 15 2025
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
By infosecbulletin
/ Saturday , February 15 2025
RedMike (Salt Typhoon) targeted university devices in Bangladesh, likely to access research in telecommunications, engineering, and technology, especially from institutions...
Read More
No information is available on the attacks exploiting these zero-day flaws.
Apple revealed in its advisories that these were the vulnerabilities that it patched with its first Rapid Security Response updates, specifically iOS 16.4.1(a), iPadOS 16.4.1(a), and macOS 13.3.1(a).
Now, iOS 16.5 and iPadOS 16.5 fix CVE-2023-28204 and CVE-2023-32373, as well as CVE-2023-32409, a WebKit zero-day that can be exploited to escape the Web Content sandbox.
CVE-2023-32409 was reported to Apple by Google’s Threat Analysis Group and Amnesty International, which indicates that it has likely been exploited by the products of a commercial spyware vendor.
Google recently detailed several iOS and Android exploits that the company has linked to various spyware vendors.
The latest
iOS and iPadOS updates patch over 30 other vulnerabilities, including ones that can lead to a security bypass, sandbox escape, arbitrary code execution, exposure of location and other user data, privilege escalation, termination of an app, recovery of deleted photos, retaining access to system configuration files, contact information exposure from the lock screen, and modifications of protected parts of the file system.
CVE-2023-28204 and CVE-2023-32373 have also been fixed with the release of iOS and iPadOS 15.7.6
The exploited WebKit vulnerabilities have also been resolved in Apple TV, Apple Watch and Safari.
The latest macOS Ventura update fixes the three zero-days, along with nearly 50 other vulnerabilities that can lead to sensitive information disclosure, arbitrary code execution, DoS attacks, a security feature bypass, and privilege escalation.
Apple has also updated macOS Monterey to version 12.6.6 and Big Sur to version 11.7.7 to patch more than two dozen vulnerabilities, but none of the zero-days.