Apple on Thursday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three newly-discovered zero-day flaws that are being actively utilized in the wild. These three vulnerabilities are listed as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373.
Clément Lecigne of Google’s Threat Analysis Group (TAG) and Donncha Ó Cearbhaill of Amnesty International’s Security Lab were credited with reporting CVE-2023-32409, while an anonymous researcher was acknowledged for reporting the other two issues.
Notably, both CVE-2023-28204 and CVE-2023-32373 were fixed as part of Rapid Security Response updates – iOS 16.4.1 (a) and iPadOS 16.4.1 (a) – released at the start of this month.
Currently, there are no additional technical details about the flaws, the nature of the attacks, or the identity of the threat actors that may be exploiting them. Nevertheless, such weaknesses have been historically used as part of highly-targeted intrusions to deploy spyware on the devices of dissidents, journalists, and human rights activists, among others.
The latest updates are available for iOS 16.5 and iPadOS 16.5 (iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later), iOS 15.7.6 and iPadOS 15.7.6 (iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)), macOS Ventura 13.4, tvOS 16.5 (Apple TV 4K (all models) and Apple TV HD), watchOS 9.5 (Apple Watch Series 4 and later), and Safari 16.5 (macOS Big Sur and macOS Monterey).
Since the beginning of 2023, Apple has addressed a total of six actively exploited zero-days. Back in February, the company patched a WebKit vulnerability (CVE-2023-23529) that could result in remote code execution. Then last month, it issued fixes for a couple of flaws (CVE-2023-28205 and CVE-2023-28206) that enabled code execution with elevated privileges. Lecigne and Ó Cearbhaill were credited with reporting the security issues.
Source: Hackernews
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.