Active Exploitation of Zero-Day Vulnerabilities in Apple Products

Published on 08 Sep 2023 | Updated on 08 Sep 2023

Apple has released security updates to address two zero-day vulnerabilities (CVE-2023-41064 and CVE-2023-41061). The vulnerabilities are reportedly being actively exploited.

The vulnerabilities are:

CVE-2023-41064 - A buffer overflow vulnerability that gets triggered when processing maliciously crafted images.

CVE-2023-41061 - A validation vulnerability that can be exploited using a malicious attachment.

Successful exploitation of the vulnerabilities could allow an attacker to perform arbitrary code execution on the affected products.

The vulnerabilities affect the following products:

  • Macs running macOS Ventura
  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later
  • Apple Watch Series 4 and later

Users of affected products are advised to update to the latest versions immediately:

  • macOS Ventura 13.5.2 for macOS Ventura
  • iOS 16.6.1 for iPhone 8 and later
  • iPadOS 16.6.1 for iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later and iPad mini 5th generation and later
  • watchOS 9.6.2 for Apple Watch Series 4 and later

Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.

More information is available here:
https://support.apple.com/en-us/HT213906
https://support.apple.com/en-us/HT213907
https://www.bleepingcomputer.com/news/apple/apple-discloses-2-new-zero-days-exploited-to-attack-iphones-macs/
Tags
Alerts Alerts & Advisories
Share