Apple emergency updates fix 3 new zero-days exploited in attacks

For a total of 16 zero-day vulnerabilities repaired this year, Apple delivered emergency security upgrades to patch three additional ones that were exploited in attacks against iPhone and Mac users. Apple addressed a certificate validation issue and strengthened checks to address the three zero-day flaws in macOS 12.7/13.6, iOS 16.7/17.0.1, iPadOS 16.7/17.0.1, and watchOS 9.6.3/10.0.1.

As a result of two issues that were discovered in the WebKit browser engine (CVE-2023-41993) and the Security framework (CVE-2023-41991), attackers are now able to use malicious apps to get around signature validation or maliciously created websites to execute arbitrary code. The Kernel Framework, which offers APIs and support for kernel extensions and kernel-resident device drivers, was where the third one was discovered. This vulnerability (CVE-2023-41992) allows local attackers to gain elevated privileges.

Apple emergency updates fix 3 new zero-days exploited in attacks

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Apple emergency updates fix 3 new zero-days exploited in attacks

21-Sep-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address