Apple has released a series of emergency patches to address three zero-day vulnerabilities discovered in iOS, iPadOS, macOS and watchOS. It’s best to install these security updates as soon as possible to ensure you stay safe.
Apple announces patches for three zero day vulnerabilities
The three zero-day vulnerabilities were detected and reported by researchers at Citizen Lab of the University of Toronto and the Google Threat Analysis Group. Unfortunately, specific details on the attacks still remain scarce, but as reported by Il Punto Informatico it seems likely that the main targets were journalists, dissidents and political opponents, for espionage purposes.
The first vulnerability, identified as CVE-2023-41992, resides in the kernel and can be exploited to gain elevated privileges via local access. The second vulnerability, named CVE-2023-41991is present in framework Security and is used to evade signature validation of infected apps.
Apple has released patches for this two vulnerabilities for iOS 16.7/17.0.1, iPadOS 16.7/17.0.1, macOS 12.7/13.6, and watchOS 9.6.3/10.0.1.
The third vulnerability, identified as CVE-2023-41993resides in WebKitSafari’s rendering engine, and is used to run arbitrary code when a user visits a compromised web page. Fixes for this vulnerability have been integrated into iOS 16.7/17.0.1, iPadOS 16.7/17.0.1 and Safari 16.6.1.
The release of these patches underlines Apple’s attention to the safety of its users. Since the beginning of the year, the company faced 16 zero-day vulnerabilities. It is best to install patches to resolve security risks.