Subj : Apple reveals some serious security bugs, so be on your guard
To   : All
From : TechnologyDaily
Date : Fri May 19 2023 12:00:04

Apple reveals some serious security bugs, so be on your guard

Date:
Fri, 19 May 2023 10:56:24 +0000

Description:
Three zero-days were discovered being used in the wild against iPhones, Macs, 
and iPad devices.

FULL STORY
======================================================================

Apple has announced it has fixed three zero-day vulnerabilities that various 
threat actors are using to target iPhones, Macs, and iPad devices. 

In a security advisory , the company said all three flaws were found in its 
WebKit browser engine. WebKit is Apples browser engine best known for being 
the underlying technology in the Safari web browser , as well as being used 
in all web browsers on iOS and iPadOS. 

As such, WebKit is an attractive target for threat actors looking for 
vulnerabilities that can be used to grant access to the target endpoint. No 
details 

In this particular instance, Apple found flaws tracked as CVE-2023-32409, 
CVE-2023-28204, and CVE-2023-32373. 

One is a sandbox escape flaw, one an out-of-bounds read flaw that allows 
threat actors unabated access to sensitive information, and one a 
use-after-free vulnerability allowing for arbitrary code execution. 

"Apple is aware of a report that this issue may have been actively 
exploited," Apples security advisory reads. As usual, the details about the 
groups leveraging the flaw, or their modus operandi, were not disclosed, so 
as to not give other threat actors any ideas while consumers and businesses 
update their devices. Hence, we dont know if any new malware was found in the 
wild. 

Apple declined the medias request for additional comments. Read more 

> Apple Safari patched to fix potentially dangerous zero-day flaws 


 > Apple just patched a pair of dangerous iOS and macOS security issues, so 
update now 


 > Here's our list of the best firewalls around 

The flaws were fixed in macOS Ventura 13.4, iOS and iPadOS 16.5, tvOS 16.5, 
watchOS 9.5, and Safari 16.5, the company confirmed. 

Here is a full list of all affected devices: iPhone 6s (all models), iPhone 7 
(all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th 
generation), iPod touch (7th generation), and iPhone 8 and later iPad Pro 
(all models), iPad Air 3rd generation and later, iPad 5th generation and 
later, and iPad mini 5th generation and later Macs running macOS Big Sur, 
Monterey, and Ventura Apple Watch Series 4 and later Apple TV 4K (all models) 
and Apple TV HD Stay protected online with these best endpoint security 
software 

Via: BleepingComputer



======================================================================
Link to news story:
https://www.techradar.com/news/apple-reveals-some-serious-security-bugs-so-be-
on-your-guard


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.