Tuesday, September 17, 2024
HomeCyber Security NewsApple Patched Two New Zero-days That Were Exploited to Hack iPhones and...

Apple Patched Two New Zero-days That Were Exploited to Hack iPhones and macOS

Published on

Apple has recently taken swift action to patch two zero-day vulnerabilities that posed a potential threat of exploitation in cyberattacks. 

The vulnerabilities have been successfully fixed in emergency security updates released by Apple to safeguard its devices, such as iPhones, Macs, and iPads, against potential breaches.

One of the most alarming revelations is that Apple may have already known the exploitation of these zero-day vulnerabilities in the wild.

- Advertisement - EHA

Since we all know that Apple always follows a strict curriculum while handling or making public any technical details regarding zero-day flaws.

Experts from Amnesty International and Google’s Threat Analysis Group (TAG) have identified these two zero-day vulnerabilities:-

  • Clément Lecigne from TAG
  • Donncha Ó Cearbhaill from Amnesty International

Apple Zero-day Flaws

The two zero-day vulnerabilities were tracked as follows:-

  • CVE-2023-28206: It’s an IOSurfaceAccelerator out-of-bounds write, and it could lead to:-
  • Data corruption
  • A crash
  • Code execution

The successful exploitation of CVE-2023-28206 will enable an attacker to gain kernel privileges using a maliciously crafted application and execute arbitrary code on the target’s devices.

  • CVE-2023-28205: It’s a WebKit used after free weakness, and while reusing freed memory, it could lead to:-
  • Data corruption
  • Arbitrary code execution

The successful exploitation of CVE-2023-28205 enables the threat actors to deceive targets into downloading malicious web pages under their control, potentially resulting in the execution of arbitrary code on compromised devices.

While apart from this, it has been confirmed by security analysts that hackers exploiting these two vulnerabilities tend to focus their attacks on human rights workers.

Even these two zero-day vulnerabilities could be chained together with other security flaws in the wild to exploit iOS devices. 

One of the most concerning issues is that several users will remain vulnerable to these zero-day flaws since the threat actors are actively exploiting these zero-day flaws before any patches have been released.

Vulnerable Devices

It appears that Apple has provided quite a comprehensive list of vulnerable devices, and these devices include:-

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later
  • Macs running macOS Ventura

Fix

Apple released several emergency security updates in an attempt to address these two zero-day vulnerabilities, and here below, we have mentioned them:-

  • iOS 16.4.1
  • iPadOS 16.4.1
  • macOS Ventura 13.3.1
  • Safari 16.4.1

Cybersecurity researchers have urged users to immediately update their devices to prevent any potential breach or exploitation.

Struggling to Apply The Security Patch in Your System? – 

Related Read:

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Entro Security Labs Releases Non-Human Identities Research Security Advisory

Analysis of millions of real-world NHI secrets by Entro Security Labs reveals widespread, significant...

Critical Vulnerabilities Impact Million of D-Link Routers, Patch Now!

Millions of D-Link routers are at risk due to several critical vulnerabilities. Security researcher...

Windows MSHTML Zero-Day Vulnerability Exploited In The Wild

Adobe released eight security updates in September 2024, addressing 28 vulnerabilities in various products,...

Azure API Management Vulnerability Let Attackers Escalate Privileges

A vulnerability in Azure API Management (APIM) has been identified. It allows attackers to...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Entro Security Labs Releases Non-Human Identities Research Security Advisory

Analysis of millions of real-world NHI secrets by Entro Security Labs reveals widespread, significant...

Critical Vulnerabilities Impact Million of D-Link Routers, Patch Now!

Millions of D-Link routers are at risk due to several critical vulnerabilities. Security researcher...

Windows MSHTML Zero-Day Vulnerability Exploited In The Wild

Adobe released eight security updates in September 2024, addressing 28 vulnerabilities in various products,...