Apple fixes two exploits to hack the iPhone and iPad Mac
(Apple) has issued emergency security updates to address two newly exposed vulnerabilities that were exploited in cyberattacks to penetrate iPhone smartphones, iPad tablets, and Mac computers.
"Apple is aware of a report that this issue has been actively exploited," the company said Friday in two security bulletins describing the issues.
The first vulnerability, which is being tracked under ID CVE-2023-28206, can lead to data corruption, crashes, or code execution. Successful exploitation of this vulnerability allows an attacker to use a malicious application to execute arbitrary code with kernel privileges on target machines.
Similar to the first vulnerability, the other, tracked under ID CVE-2023-28205, could lead to data corruption or arbitrary code execution when freed memory is reused.
This vulnerability can be exploited by tricking targets into downloading malicious web pages under attackers' control, which can lead to code execution on compromised systems.
Related topics to what you are reading now:
What did Apple do?
Apple addressed the two vulnerabilities exposed in version 16.4.1 of the operating systems (iOS) and (iPadOS), the web browser (Safari), and in version 13.3.1 of the operating system (Mac OS Ventura) with an improvement Input validation and memory management.
Apple says the list of affected devices is very broad, and includes: the iPhone 8 and later, all iPad Pro tablet models, the third generation iPad Air tablet computer and later, the fifth generation iPad and iPad mini computers and later, in addition to Mac computers. operating system (Mac OS Ventura).
Although Apple says it is aware of reports of active exploits, the company has not yet released information regarding these attacks.
However, it revealed that Google's (Threat Analysis Group) and AI's (Security Lab) were the ones who reported the two vulnerabilities to it after their workers discovered they were exploited as part of an exploit chain.
Both organizations regularly expose campaigns that exploit exposed vulnerabilities that government-sponsored threat actors abuse to spread commercial spyware into the smartphones and computers of politicians, journalists, dissidents and other vulnerable individuals around the world.
Last week, Google and Amnesty International's Threat Analysis Group uncovered two recent series of attacks using exploit threads in Android, iOS, and the Chrome web browser.
While the two exposed vulnerabilities that Apple has now addressed are likely exploited in highly targeted attacks, it is highly recommended that you install these emergency updates as soon as possible to prevent potential attack attempts.
And last February, Apple addressed an exposed vulnerability in the WebKit engine that was exploited in attacks to disrupt the operating system and execute code on vulnerable iPhones, iPads, and Macs.