Apple Zero-Days

Two new zero-day vulnerabilities were recently identified and exploited in the wild to compromise Apple devices. Apple has addressed both in emergency security updates released recently.

The following Apple devices were targeted and could be compromised:

  • iPhones
  • Macs
  • iPads

Most strikingly, Apple might already have been aware of the active exploitation of these vulnerabilities in the wild. As usual with Apple, few details about the zero-day attacks were revealed.

Zero-day Vulnerabilities

The zero-day flaws are tracked as:

CVE-2023-28206

This is an out-of-bounds write in IOSurfaceAccelerator that could lead to:

  • Data corruption
  • A crash
  • Code execution

CVE-2023-28205

This is a use-after-free weakness in WebKit; reuse of the freed memory could lead to:

  • Data corruption
  • Arbitrary code execution

These zero-day vulnerabilities were identified by security experts from Google’s Threat Analysis Group and Amnesty International:

  • Clément Lecigne from TAG
  • Donncha Ó Cearbhaill from Amnesty International

Security analysts affirmed that human rights workers are the main targets of the hackers exploiting these two vulnerabilities.

Amnesty Intl. researcher Donncha Ó Cearbhaill confirmed via tweet that the discovered vulnerabilities can be chained together to exploit iOS devices and were found “in the wild.”

Because these are zero-day holes, attackers were already using them before any patches were available, which is alarming.

If CVE-2023-28206 is exploited successfully, an attacker may be able to execute arbitrary code on the targets’ devices with kernel privileges using a maliciously crafted application.

With CVE-2023-28205, threat actors can exploit targets by deceiving them into loading malicious web pages that the threat actors control, which could result in the execution of arbitrary code on compromised systems.

“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” Apple says.

Affected Devices

The list of affected devices provided by Apple is quite extensive and includes:

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later
  • Macs running macOS Ventura

Patch

Apple fixed these two zero-day vulnerabilities by adding improved input validation and memory management in:

  • iOS 16.4.1
  • iPadOS 16.4.1
  • macOS Ventura 13.3.1
  • Safari 16.4.1

Cybersecurity analysts strongly recommend that users install the emergency updates released by Apple immediately. Doing so will prevent potential attacks, even though the zero-days fixed today were probably only used in specific, targeted attacks.
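
To act on the version list above across many devices, the following added example (not from the article or from Apple) triages an inventory export against the fixed versions. The row format, hostnames and status labels are assumptions made up for illustration; versions are compared numerically so that 16.10 is not mistaken for something older than 16.4.1.

```python
# Fixed versions as listed in the Patch section above.
FIXED = {"iOS": (16, 4, 1), "iPadOS": (16, 4, 1),
         "macOS": (13, 3, 1), "Safari": (16, 4, 1)}

# Constructed sample rows (host,product,version); format and names are assumed.
SAMPLE_INVENTORY = """\
hr-iphone-01,iOS,16.4
hr-iphone-02,iOS,16.4.1
field-ipad-07,iPadOS,16.10
exec-mac-03,macOS,13.3
exec-mac-03,Safari,16.4.1
lab-mac-11,macOS,12.6.5
lab-mac-11,Safari,16.3
qa-iphone-09,iOS,16.x
"""


def parse_version(text):
    """Turn '16.4' into (16, 4, 0) so comparison is numeric, not lexical."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(product, version_text):
    """Return 'patched', 'needs-update', 'not-listed' or 'unparseable'."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "not-listed"
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    # The article lists only macOS Ventura (13.x); judge other Macs by Safari.
    if product == "macOS" and version[0] != fixed[0]:
        return "not-listed"
    return "patched" if version >= fixed else "needs-update"


def triage(inventory_text):
    """Map each (host, product) row to its status."""
    results = {}
    for line in filter(str.strip, inventory_text.splitlines()):
        host, product, version = (f.strip() for f in line.split(","))
        results[(host, product)] = classify(product, version)
    return results


if __name__ == "__main__":
    for (host, product), status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:15} {product:7} {status}")
```

Rows reported as "unparseable" or "not-listed" need manual review rather than being treated as safe.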


BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.