https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-3-new-zero-days-exploited-in-attacks/ BleepingComputer.com logo * * * * [ ] [Login] [Sign up] * * * * [ ] [Login] [Sign up] * News + Featured + Latest + T-Mobile app glitch let users see other people's account info T-Mobile app glitch let users see other people's account info + Signal adds quantum-resistant encryption to its E2EE messaging protocol Signal adds quantum-resistant encryption to its E2EE messaging protocol + Free Download Manager releases script to check for Linux malware Free Download Manager releases script to check for Linux malware + Hackers breached International Criminal Court's systems last week Hackers breached International Criminal Court's systems last week + 'Sandman' hackers backdoor telcos with new LuaDream malware 'Sandman' hackers backdoor telcos with new LuaDream malware + GitHub passkeys generally available for passwordless sign-ins GitHub passkeys generally available for passwordless sign-ins + Save over $300 on this CISSP cybersecurity training course bundle Save over $300 on this CISSP cybersecurity training course bundle + Apple emergency updates fix 3 new zero-days exploited in attacks Apple emergency updates fix 3 new zero-days exploited in attacks * Downloads + Latest + Most Downloaded + Qualys BrowserCheck Qualys BrowserCheck + STOPDecrypter STOPDecrypter + AuroraDecrypter AuroraDecrypter + FilesLockerDecrypter FilesLockerDecrypter + AdwCleaner AdwCleaner + ComboFix ComboFix + RKill RKill + Junkware Removal Tool Junkware Removal Tool * VPNs + Popular + Best VPNs Best VPNs + How to change IP address How to change IP address + Access the dark web safely Access the dark web safely + Best VPN for YouTube Best VPN for YouTube * Virus Removal Guides + Latest + Most Viewed + Ransomware + Remove the Theonlinesearch.com Search Redirect Remove the Theonlinesearch.com Search Redirect + Remove the Smartwebfinder.com Search Redirect Remove the Smartwebfinder.com Search Redirect + How to remove the PBlock+ adware browser extension How to remove the PBlock+ adware browser extension + Remove the Toksearches.xyz Search Redirect Remove the Toksearches.xyz Search Redirect + Remove Security Tool and SecurityTool (Uninstall Guide) Remove Security Tool and SecurityTool (Uninstall Guide) + How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo + How to remove Antivirus 2009 (Uninstall Instructions) How to remove Antivirus 2009 (Uninstall Instructions) + How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller + Locky Ransomware Information, Help Guide, and FAQ Locky Ransomware Information, Help Guide, and FAQ + CryptoLocker Ransomware Information Guide and FAQ CryptoLocker Ransomware Information Guide and FAQ + CryptorBit and HowDecrypt Information Guide and FAQ CryptorBit and HowDecrypt Information Guide and FAQ + CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ * Tutorials + Latest + Popular + How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11 How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11 + How to use the Windows Registry Editor How to use the Windows Registry Editor + How to backup and restore the Windows Registry How to backup and restore the Windows Registry + How to open a Windows 11 Command Prompt as Administrator How to open a Windows 11 Command Prompt as Administrator + How to start Windows in Safe Mode How to start Windows in Safe Mode + How to remove a Trojan, Virus, Worm, or other Malware How to remove a Trojan, Virus, Worm, or other Malware + How to show hidden files in Windows 7 How to show hidden files in Windows 7 + How to see hidden files in Windows How to see hidden files in Windows * Deals + Categories + eLearning eLearning + IT Certification Courses IT Certification Courses + Gear & Gadgets Gear + Gadgets + Security Security * Forums * More + Startup Database + Uninstall Database + Glossary + Chat on Discord + Send us a Tip! + Welcome Guide * Home * News * Apple * Apple emergency updates fix 3 new zero-days exploited in attacks * * Apple emergency updates fix 3 new zero-days exploited in attacks By Sergiu Gatlan * September 21, 2023 * 01:57 PM * 0 Apple Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days fixed this year. Two bugs were found in the WebKit browser engine (CVE-2023-41993) and the Security framework (CVE-2023-41991), enabling attackers to bypass signature validation using malicious apps or gain arbitrary code execution via maliciously crafted webpages. The third one was found in the Kernel Framework, which provides APIs and support for kernel extensions and kernel-resident device drivers. Local attackers can exploit this flaw (CVE-2023-41992) to escalate privileges. Apple fixed the three zero-day bugs in macOS 12.7/13.6, iOS 16.7/ 17.0.1, iPadOS 16.7/17.0.1, and watchOS 9.6.3/10.0.1 by addressing a certificate validation issue and through improved checks. "Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7," the company revealed in security advisories describing the security flaws. The list of impacted devices encompasses older and newer device models, and it includes: * iPhone 8 and later * iPad mini 5th generation and later * Macs running macOS Monterey and newer * Apple Watch Series 4 and later All three zero-days were found and reported by Bill Marczak of the Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group. While Apple has yet to provide additional details regarding the flaws' exploitation in the wild, Citizen Lab and Google Threat Analysis Group security researchers have often disclosed zero-day bugs abused in targeted spyware attacks targeting high-risk individuals, including journalists, opposition politicians, and dissidents. Citizen Lab disclosed two other zero-days (CVE-2023-41061 and CVE-2023-41064), also fixed by Apple in emergency security updates earlier this month and abused as part of a zero-click exploit chain (dubbed BLASTPASS) to infect fully patched iPhones with NSO Group's Pegasus commercial spyware. Since the start of the year, Apple has also patched: * two zero-days (CVE-2023-37450 and CVE-2023-38606) in July * three zero-days (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439) in June * three more zero-days (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373) in May * two zero-days (CVE-2023-28206 and CVE-2023-28205) in April * and another WebKit zero-day (CVE-2023-23529) in February Related Articles: Apple backports BLASTPASS zero-day fix to older iPhones Apple discloses 2 new zero-days exploited to attack iPhones, Macs Apple fixes new zero-day used in attacks against iPhones, Macs Trend Micro fixes endpoint protection zero-day used in attacks Adobe warns of critical Acrobat and Reader zero-day exploited in attacks * Actively Exploited * Apple * Mac * macOS * Zero-Day * * * * * Sergiu Gatlan Sergiu has covered cybersecurity, technology, and other news beats for more than a decade. Email or Twitter DMs for tips. * Previous Article * Next Article Post a Comment Community Rules You need to login in order to post a comment [Login] Not a member yet? Register Now You may also like: [INS::INS] [blink-ai-copilot] Popular Stories * Exchange Online Microsoft to start retiring Exchange Web Services in October 2026 * Telecom phone hacker Hackers backdoor telecom providers with new HTTPSnoop malware Follow us: * * * * * Main Sections * News * VPN Buyer Guides * Downloads * Virus Removal Guides * Tutorials * Startup Database * Uninstall Database * Glossary Community * Forums * Forum Rules * Chat Useful Resources * Welcome Guide * Sitemap Company * About BleepingComputer * Contact Us * Send us a Tip! * Advertising * Write for BleepingComputer * Social & Feeds * Changelog Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure Copyright @ 2003 - 2023 Bleeping Computer^(r) LLC - All Rights Reserved Login Username [ ] Password [ ] [*] Remember Me [ ] Sign in anonymously [Login] Sign in with Twitter button Sign in with Twitter --------------------------------------------------------------------- Not a member yet? Register Now Reporter Help us understand the problem. What is going on with this comment? * ( )Spam * ( )Abusive or Harmful * ( )Inappropriate content * ( )Strong language * ( )Other [ ] * [ ] Read our posting guidelinese to learn what content is prohibited. Submitting... SUBMIT