Apple has recently taken swift action to patch two zero-day vulnerabilities that posed a potential threat of exploitation in cyberattacks.
The vulnerabilities have been successfully fixed in emergency security updates released by Apple to safeguard its devices, such as iPhones, Macs, and iPads, against potential breaches.
One of the most alarming revelations is that Apple may have already known the exploitation of these zero-day vulnerabilities in the wild.
Since we all know that Apple always follows a strict curriculum while handling or making public any technical details regarding zero-day flaws.
Experts from Amnesty International and Google’s Threat Analysis Group (TAG) have identified these two zero-day vulnerabilities:-
The two zero-day vulnerabilities were tracked as follows:-
The successful exploitation of CVE-2023-28206 will enable an attacker to gain kernel privileges using a maliciously crafted application and execute arbitrary code on the target’s devices.
The successful exploitation of CVE-2023-28205 enables the threat actors to deceive targets into downloading malicious web pages under their control, potentially resulting in the execution of arbitrary code on compromised devices.
While apart from this, it has been confirmed by security analysts that hackers exploiting these two vulnerabilities tend to focus their attacks on human rights workers.
Even these two zero-day vulnerabilities could be chained together with other security flaws in the wild to exploit iOS devices.
One of the most concerning issues is that several users will remain vulnerable to these zero-day flaws since the threat actors are actively exploiting these zero-day flaws before any patches have been released.
It appears that Apple has provided quite a comprehensive list of vulnerable devices, and these devices include:-
Apple released several emergency security updates in an attempt to address these two zero-day vulnerabilities, and here below, we have mentioned them:-
Cybersecurity researchers have urged users to immediately update their devices to prevent any potential breach or exploitation.
Struggling to Apply The Security Patch in Your System? –
The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…
Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…
The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…
Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…
A security researcher discovered a vulnerability in Windows theme files in the previous year, which…
The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…