Apple has released more security patches after three zero-day vulnerabilities were discovered in iOS, iPadOS, MacOS, WatchOS, and Safari. These vulnerabilities are actively being exploited in the wild against several frameworks and systems of Apple products, making sixteen total zero-days in 2023. Barracuda SOC recommends reviewing this Cybersecurity Threat Advisory in detail, and applying the latest patches provided by Apple to mitigate the risk and impact.
What is the threat?
The first vulnerability discovered is CVE-2023-41991. This zero-day is associated with the certificate validation of the Security framework. If successfully exploited, attackers can allow a malicious application to avoid signature validation. The next zero-day is currently being tracked as CVE-2023-41992. This is a local privilege escalation flaw found in the Kernel framework of Apple products. Finally, CVE-2023-41993is an Apple Webkit arbitrary code execution vulnerability. It is exploited through specially developed webpages being processed by the browser engine. Bill Marczak of the Citizen Lab at the University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group are credited with discovering and reporting these zero-days.
The following Apple devices are affected:
- iPhone 8 and later
- iPad mini 5th generation and later
- Macs running macOS Monterey and later
- Apple Watch Series 4 and later
Why is it noteworthy?
Apple Inc. is one of the leading multi-national technology companies specializing in smart-devices, computers, and much more. These vulnerabilities are associated with several of their popular products including iPhones, Macs, watches, and iPads. The CVEs of the vulnerabilities received a Common Vulnerability Scoring System (CVSS) score ranging from a critical base score of 9.8 to a medium base score of 5.5 according to NIST’s National Vulnerability Database. Action should be taken as soon as possible.
What is the exposure or risk?
Apple’s recent zero-day vulnerabilities can lead to significant exposure and/or risk for its customers. If exploited successfully, it can lead to arbitrary code execution or local privilege escalation. Apple has released patches for these zero-day vulnerabilities found in their latest advisory.
What are the recommendations?
Barracuda SOC recommends the following actions to limit the impact of these zero-days:
- Install Apple’s latest patch on all affected devices.
References
For more in-depth information about the recommendations, please visit the following links:
- https://support.apple.com/en-us/HT213926
- https://thehackernews.com/2023/09/apple-rushes-to-patch-3-new-zero-day.html
- https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-3-new-zero-days-exploited-in-attacks/
- https://nvd.nist.gov/vuln/detail/CVE-2023-41991
- https://nvd.nist.gov/vuln/detail/CVE-2023-41992
- https://nvd.nist.gov/vuln/detail/CVE-2023-41993
If you have any questions about this Cybersecurity Threat Advisory, please contact our Security Operations Center.