Apple has released emergency updates to address two actively exploited zero-day flaws on older iPhones, iPads, and Macs. The company stated that they are aware of a report that this issue may have been actively exploited.
CVE-2023-28206, CVE-2023-28205 Zero-Days
The first flaw, CVE-2023-28206, is an out-of-bounds write issue in IOSurfaceAccelerator. The vulnerability could allow malicious actors to execute arbitrary code with kernel privileges on targeted devices. The second zero-day, CVE-2023-28205, is a WebKit use-after-free vulnerability that could let malicious code be executed on compromised devices after users are tricked into loading malicious web pages. These security patches were released on Friday.
Apple today released software updates that address the zero-day vulnerabilities: iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, and macOS Big Sur 11.7.6. These updates improve input validation and memory management, and protect the following devices: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), iPod touch (7th generation), and Macs running macOS Monterey and Big Sur. The zero-day flaws were initially identified by researchers at Google’s Threat Analysis Group and Amnesty International’s Security Lab, who reported that they were being exploited in the wild.
What Is a Zero-Day Vulnerability?
Zero-day, or 0-day, is a term used to describe a vulnerability, exploit, and attack in software or hardware. A Zero-Day Vulnerability is a software bug that is unknown to the software vendor, making it possible for a cybercriminal to take advantage of it for malicious purposes. A Zero-Day Exploit is the method developed by the cybercriminal to leverage the vulnerability, and a Zero-Day Attack is the deployment of the exploit in an attack scenario, which may be used to steal sensitive data or cause other forms of damage.