Apple releases a security update that fixes the 11th zero-day vulnerability of the year!

Apple has released security updates to fix zero-day vulnerabilities for iPhones, Macs and iPads.

In an advisory, Apple described a WebKit vulnerability, tracked as CVE-2023-37450, that was addressed in a new round of Rapid Security Response (RSR) updates earlier this month.

The other zero-day vulnerability patched this time is a new kernel vulnerability, tracked as CVE-2023-38606, which has been used to target devices running older versions of iOS.

Apple said: We are aware of reports that this vulnerability may have been actively exploited in versions of iOS released prior to iOS 15.7.1.

Attackers can exploit this on unpatched devices to modify sensitive kernel state. Apple has fixed both vulnerabilities through improved checks and state management.

According to Boris Larin, Principal Security Researcher at Kaspersky GReAT, CVE-2023-38606 is part of a zero-click exploit chain used to deploy Triangulation spyware on iPhones via iMessage.

The company also backported the security patch for the zero-day vulnerability (CVE-2023-32409) fixed in May to devices running tvOS 16.6 and watchOS 9.6.

Apple addressed three zero-day vulnerabilities in macOS Ventura 13.4, iOS and iPadOS 16.5, tvOS 16.5, watchOS 9.5, and Safari 16.5 by improving bounds checking, input validation, and memory management.

The two zero-day vulnerabilities fixed this time affect a wide range of devices, including various models of iPhones and iPads, as well as Macs running macOS Big Sur, Monterey, and Ventura.

The eleventh zero-day vulnerability fixed this year

Since the beginning of the year, Apple has patched 11 zero-day vulnerabilities exploited by attackers.

Earlier this month, Apple released a Rapid Security Response (RSR) update to fix a vulnerability (CVE-2023-37450) affecting iPhones, Macs, and iPads.

But because the RSR update broke web browsing on some sites, the company released a fixed version of the buggy update two days later.

Prior to this, Apple also fixed:

Three zero-day vulnerabilities in June (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439)

Three more zero-day vulnerabilities in May (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373)

Two zero-day vulnerabilities in April (CVE-2023-28206 and CVE-2023-28205)

and another WebKit zero-day vulnerability (CVE-2023-23529) in February

A total of eleven zero-day vulnerabilities.

 


Origin blog.csdn.net/FreeBuf_/article/details/131924554