Active Exploitation of Zero-Day Vulnerabilities in Apple Products

Published on 08 Apr 2023

Apple has released security updates to address two new zero-day vulnerabilities (CVE-2023-28205 and CVE-2023-28206) in their products. The vulnerabilities are reportedly being actively exploited.

 The two vulnerabilities are:

  • CVE-2023-28205: A WebKit use-after-free vulnerability that may allow attackers to execute arbitrary code after the vulnerable device processes maliciously crafted web content
  • CVE-2023-28206: An out-of-bounds write vulnerability that may allow attackers to use a maliciously crafted app to execute arbitrary code with kernel privileges on a vulnerable device

 
The vulnerability affects the following products:

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later 
  • Macs running macOS Ventura


Users of affected product versions are advised to update to the latest versions immediately.

Users are also advised to enable automatic software updates if available, by going to Settings > General > Software Updates > Enable Automatic Updates.

More information is available here:
https://support.apple.com/en-gb/HT213720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28205

Tags
Alerts Alerts & Advisories
Share