  • October 23, 2023

Apple has released more security patches after three zero-day vulnerabilities were discovered in iOS, iPadOS, macOS, watchOS, and Safari. These vulnerabilities are being actively exploited in the wild and affect several frameworks and systems of Apple products, making sixteen total zero-days in 2023. CSB recommends reviewing this Cybersecurity Threat Advisory in detail and applying the latest patches provided by Apple to mitigate the risk and impact.

What is the threat?

The first vulnerability is CVE-2023-41991, a zero-day in the certificate validation of the Security framework. If successfully exploited, it allows a malicious application to bypass signature validation. The next zero-day is tracked as CVE-2023-41992, a local privilege escalation flaw in the Kernel framework of Apple products. Finally, CVE-2023-41993 is an Apple WebKit arbitrary code execution vulnerability, exploited when the browser engine processes specially crafted web pages. Bill Marczak of the Citizen Lab at the University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group are credited with discovering and reporting these zero-days.

The following Apple devices are affected:

  • iPhone 8 and later
  • iPad mini 5th generation and later
  • Macs running macOS Monterey and later
  • Apple Watch Series 4 and later

Why is it noteworthy?

Apple Inc. is one of the leading multinational technology companies, specializing in smart devices, computers, and much more. These vulnerabilities affect several of its popular products, including iPhones, Macs, watches, and iPads. According to NIST’s National Vulnerability Database, the CVEs received Common Vulnerability Scoring System (CVSS) base scores ranging from a critical 9.8 to a medium 5.5. Action should be taken as soon as possible.

What is the exposure or risk?

Apple’s recent zero-day vulnerabilities can lead to significant exposure and risk for its customers. If exploited successfully, they can lead to arbitrary code execution or local privilege escalation. Apple has released patches for these zero-day vulnerabilities, as detailed in its latest advisory.

What are the recommendations?

  • Install Apple’s latest patch on all affected devices.