May 28, 2023

Apple has patched two actively exploited zero-day vulnerabilities, tracked as CVE-2023-28205 and CVE-2023-28206, impacting iPhones, Macs, and iPads.

The zero-day CVE-2023-28205 is a use after free issue that resides in the WebKit, its exploitation may lead to arbitrary code execution. An attacker can trigger the flaw by tricking the victims into loading maliciously crafted web pages. The flaw was addressed with improved memory management.

The zero-day CVE-2023-28206 is an out-of-bounds write issue that resides in the IOSurfaceAccelerator.The flaw was addressed with improved input validation. An attacker can achieve arbitrary code execution by tricking the victims into visiting maliciously crafted web content.

Advertisements

Apple addressed the zero-day issue with the release of macOS Ventura 13.3.1, iOS 16.4.1, iPadOS 16.4.1, and Safari 16.4.1.

These were reported by Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab.

Impacted devices

  • iPhone 8 and later,
  • iPad Pro (all models),
  • iPad Air 3rd generation and later,
  • iPad 5th generation and later,
  • iPad mini 5th generation and later,
  • and Macs running macOS Ventura.
Tags:

Leave a Reply

You may have missed

CrowdStrike strategy dominates MDR Market

CrowdStrike strategy dominates MDR Market

May 28, 2023
TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
%d bloggers like this: