Three new vulnerabilities have been discovered in multiple Apple products, including iPhone (iOS), iPadOS, watchOS, Safari, macOS and multiple versions of these products. These vulnerabilities have been confirmed as a Zero-Day by Apple.
In response to these findings, Apple has released multiple security advisories addressing these vulnerabilities. CVE IDs have been assigned for these vulnerabilities, which are CVE-2023-41991, CVE-2023-41992, and CVE-2023-4199.
Zero Day Vulnerabilities
The first Zero day was given the CVE ID CVE-2023-41991 associated with a Signature Validation Bypass. A threat actor can exploit this particular vulnerability by using a malicious app, which could result in bypassing the certificate validation.
The second Zero Day was given the CVE ID CVE-2023-41992, which points to a Privilege Escalation Vulnerability that a threat actor can exploit to gain escalated privileges on affected Apple products.
The third Zero Day was given the CVE ID CVE-2023-41992, which is related to an arbitrary code execution vulnerability that threat actors can exploit for executing arbitrary code on affected Apple products.
The National Vulnerability Database (NVD) has yet to categorize the severity of these vulnerabilities. Apple stated that they are aware of the report that threat actors may have actively exploited these vulnerabilities.
As part of fixing these vulnerabilities, Apple has released multiple security advisories for iOS 16.7 & iPadOS 16.7, iOS 17.0.1 & iPadOS 17.0.1, macOS Monterey 12.7, macOS Ventura 13.6, watchOS 9.6.3, watchOS 10.0.1 and Safari 16.6.1. These advisories have been released as an emergency update by Apple to prevent these vulnerabilities from being exploited.
As per the security advisories, the affected products have been fixed in the following versions: iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, macOS Monterey 12.7, macOS Ventura 13.6, watchOS 9.6.3, watchOS 10.0.1 & Safari 16.6.1.
Users of these Apple products have been advised to upgrade to the latest versions to prevent these vulnerabilities from getting exploited.