+44 (0)203 88 020 88

Menu

Search

Cyber Security News & Articles

 

Cyber Security
News & Articles

Trusted Cyber Security Experts
25+ Years Industry Experience
Ethical, Professional & Pragmatic

Actively Exploited Flaws Patched in Apple Devices

The latest software updates released by Apple for macOS, iOS, iPadOS, Safari, tvOS, and watchOS contain patches for three zero-day vulnerabilities that are known to be actively exploited in attacks. These vulnerabilities exist within the WebKit browser engine used by Safari, and other macOS and iOS applications. Currently the CVE information about these vulnerabilities is limited and no CVSS scores have been published yet on the NIST National Vulnerability Database.  

The first vulnerability tracked as CVE-2023-32409 can be exploited by a remote attacker to allow them to break out of the WebContent sandbox. This has been resolved in the recent updates with improved bounds checking. The other two zero-day flaws were first resolved in the new Rapid Security Response system updates, in macOS 13.3.1, iOS 16.4.1, and iPadOS 16.4.1, which were released at the start of the month. CVE-2023-28204, is an out-of-bounds read vulnerability, that attackers can exploit through the issues processing web content which can lead to disclosure of sensitive information. The latest updates have resolved this through improved input validation. The final actively exploited flaw patched is a use-after-free vulnerability tracked as CVE-2023-32373. Attackers can exploit this flaw by sending malicious web content to the vulnerable WebKit for processing, which can then lead to arbitrary code execution. Improved memory management resolves this issue in the new updates. 

The fixed software versions include iOS 16.5 and iPadOS 16.5, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, macOS Ventura 13.4, tvOS 16.5, and watchOS 9.5. Apple security updates were also released for macOS Big Sur 11.7.7 and macOS Monterey 12.6.6 on the same day, however these updates do not contain patches for these zero-day flaws. These macOS updates do still contain patches for a number of identified security risks including vulnerabilities with associated CVE-IDs, so these updates should still be applied by users of these systems. A full list of the most recent security updates can be found on Apple’s website. 

 

 

Subscribe to our monthly newsletter today

If you’d like to stay up-to-date with the latest cyber security news and articles from our technical team, you can sign up to our monthly newsletter. 

We hate spam as much as you do, so we promise not to bombard you with emails. We’ll send you a single, curated email each month that contains all of our cyber security news and articles for that month.

Why Choose SecureTeam?

Customer Testimonials

“We were very impressed with the service, I will say, the vulnerability found was one our previous organisation had not picked up, which does make you wonder if anything else was missed.”

Aim Ltd Chief Technology Officer (CTO)

"Within a very tight timescale, SecureTeam managed to deliver a highly professional service efficiently. The team helped the process with regular updates and escalation where necessary. Would highly recommend"

IoT Solutions Group Limited Chief Technology Officer (CTO) & Founder

“First class service as ever. We learn something new each year! Thank you to all your team.”

Royal Haskoning DHV Service Delivery Manager

“We’ve worked with SecureTeam for a few years to conduct our testing. The team make it easy to deal with them; they are attentive and explain detailed reports in a jargon-free way that allows the less technical people to understand. I wouldn’t work with anyone else for our cyber security.”

Capital Asset Management Head of Operations

“SecureTeam provided Derbyshire's Education Data Hub with an approachable and professional service to ensure our schools were able to successfully certify for Cyber Essentials. The team provided a smooth end-to-end service and were always on hand to offer advice when necessary.”

Derbyshire County Council Team Manager Education Data Hub

“A very efficient, professional, and friendly delivery of our testing and the results. You delivered exactly what we asked for in the timeframe we needed it, while maintaining quality and integrity. A great job, done well.”

AMX Solutions IT Project Officer

“We were very pleased with the work and report provided. It was easy to translate the provided details into some actionable tasks on our end so that was great. We always appreciate the ongoing support.”

Innovez Ltd Support Officer

Get in touch today

If you’d like to see how SecureTeam can take your cybersecurity posture to the next level, we’d love to hear from you, learn about your requirements and then send you a free quotation for our services.

Our customers love our fast-turnaround, “no-nonsense” quotations – not to mention that we hate high-pressure sales tactics as much as you do.

We know that every organisation is unique, so our detailed scoping process ensures that we provide you with an accurate quotation for our services, which we trust you’ll find highly competitive.

Get in touch with us today and a member of our team will be in touch to provide you with a quotation. 

0

No products in the basket.

No products in the basket.