Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs

Cyber Security

Jul 25, 2023THNEndpoint Security / Zero Day

Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one actively exploited zero-day bug in the wild.

Tracked as CVE-2023-38606, the shortcoming resides in the kernel and permits a malicious app to modify sensitive kernel state potentially. The company said it was addressed with improved state management.

“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1,” the tech giant noted in its advisory.

It’s worth noting that CVE-2023-38606 is the third security vulnerability discovered in connection with Operation Triangulation, a sophisticated mobile cyber espionage campaign targeting iOS devices since 2019 using a zero-click exploit chain. The other two zero-days, CVE-2023-32434 and CVE-2023-32435, were patched by Apple last month.

Kaspersky researchers Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin, Leonid Bezvershenko, and Boris Larin have been credited with discovering and reporting the flaw.

The updates are available for the following devices and operating systems –

With the latest round of patches, Apple has resolved a total of 11 zero-days impacting its software since the start of 2023. It also comes two weeks after the company published emergency fixes for a remote code execution bug in WebKit that could lead to arbitrary code execution (CVE-2023-37450).

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Articles You May Like

Sony Announces PlayStation Black Friday Deals in India; PS5 Gets Rs. 7,500 Discount
Apple to Urge Judge to End US Smartphone Monopoly Case
Elon Musk’s Neuralink Cleared to Start Brain Chip Trial in Canada
iPhone 17 Air to Be Apple’s Thinnest-Ever Phone; A19 Chips to Be Built Using TSMC’s New Technology: Report
Microsoft, Meta, and DOJ Disrupt Global Cybercrime and Fraudulent Networks