Apple Fixes 3 More Zero-Day Vulnerabilities

  /     /     /  
Publicated : 23/11/2024   Category : security


Apple Fixes 3 More Zero-Day Vulnerabilities


All of the security bugs are under active attacks, but the extent of their exploitation is unknown.



In an emergency security update, Apple has identified
three zero-day vulnerabilities
affecting iPhones and Mac products that are actively being exploited.
One vulnerability, tracked as
CVE-2023-41992
, is a flaw found in the Kernel Framework that threat actors can exploit to escalate privileges. Two of the other vulnerabilities, tracked as
CVE-2023-41993
and
CVE-2023-41991
. are found in the WebKit browser engine and the Security Framework, respectively. Threat actors gain the ability to potentially bypass signature validation as well as gain arbitrary code execution via maliciously crafted webpages should they exploit these vulnerabilities, according to Apples advisory.
Devices that are being impacted by these zero-days vary between older and more recent models of Apple products, including iPhone 8 and later; iPad mini 5th generation and later; any Mac running on macOS Monterey or later; and the Apple Watch Series 4 and later.
These issues have been fixed in iOS 16.7, iPadOS 16.7, OS 17.0.1, iPadOS 17.0.1, and Safari 16.6.1, and were
first discovered and reported
by Bill Marczak at Citizen Lab and Maddie Stone at Googles Threat Analysis Group. Citizen Lab typically keeps tabs on spyware cases, but so far there are no details available as to the nature of the in-the-wild exploits or attacks. 

Apple
is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7, the National Vulnerability Database stated, though the extent to which they were exploited is unknown.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Apple Fixes 3 More Zero-Day Vulnerabilities