- Home
- Alerts & Advisories
- Alerts
- Active Exploitation of Zero-Day Vulnerabilities in Apple Products
Active Exploitation of Zero-Day Vulnerabilities in Apple Products
8 September 2023
Apple has released security updates to address two zero-day vulnerabilities (CVE-2023-41064 and CVE-2023-41061). The vulnerabilities are reportedly being actively exploited.
The vulnerabilities are:
CVE-2023-41064 - A buffer overflow vulnerability that gets triggered when processing maliciously crafted images.
CVE-2023-41061 - A validation vulnerability that can be exploited using a malicious attachment.
Successful exploitation of the vulnerabilities could allow an attacker to perform arbitrary code execution on the affected products.
The vulnerabilities affect the following products:
- Macs running macOS Ventura 
- iPhone 8 and later 
- iPad Pro (all models) 
- iPad Air 3rd generation and later 
- iPad 5th generation and later 
- iPad mini 5th generation and later 
- Apple Watch Series 4 and later 
Users of affected products are advised to update to the latest versions immediately:
- macOS Ventura 13.5.2 for macOS Ventura 
- iOS 16.6.1 for iPhone 8 and later 
- iPadOS 16.6.1 for iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later and iPad mini 5th generation and later 
- watchOS 9.6.2 for Apple Watch Series 4 and later 
Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.
More information is available here:
https://support.apple.com/en-us/HT213906
