Apple has fixed three zero day vulnerabilities that were exploited by
Software

Apple has fixed three zero-day vulnerabilities that were exploited by attackers

Apple has released an emergency software update that addresses three zero-day vulnerabilities that have been actively exploited by attackers. The bugs affected the Safari browser as well as software platforms for Apple Watch, iPhone, iPad and Mac computers.

    Image source: Matias Cruz / pixabay.com

Image source: Matias Cruz / pixabay.com

The first vulnerability is assigned a number CVE-2023-41991 — It is connected and enabled with the Security Framework tools “Bypass signature verification”. The second, after the number CVE-2023-41992is a vulnerability in the Kernel Framework that can be used to escalate privileges on the system. Finally the third CVE-2023-41993is located in the WebKit browser engine and enables “Execute arbitrary code through malicious sites”.

The vulnerabilities affected a variety of Apple devices: iPhone 8 and all later models; iPad mini 5th generation and later; Smartwatches from Apple Watch Series 4; and Mac computers running macOS Monterey and later. Software bugs are addressed in updates to iOS 16.7, iOS 17.0.1, iPadOS 16.7, iPadOS 17.0.1, macOS Monterey 12.7, macOS Ventura 13.6, watchOS 9.6.3, watchOS 10.0.1, and Safari 16.6.1.

The vulnerabilities in Apple’s software were discovered by Bill Marczak of the Citizen Lab at the University of Toronto (Canada) and Maddie Stone of the Threat Analysis Group at Google.

About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment