new updates vs full takeover of iPhone and Mac

Apple released security updates to address zero-day vulnerabilities used in attacks on iPhone, Mac and iPad.

IN security bulletin Apple has described a WebKit zero-day vulnerability being tracked as CVE-2023-37450 , which was fixed in a new round of Rapid Security Response (RSR) updates earlier in July. The flaw allows an attacker to execute arbitrary code, forcing victims to open malicious web pages.

Another 0day vulnerability fixed today is a new kernel vulnerability CVE-2023-38606 , which was used in attacks targeting devices with versions of iOS prior to iOS 15.7.1. The flaw allows an attacker to change important kernel states. Apple has fixed two vulnerabilities by improving checks and state management.

According to Kaspersky GReAT security researchers, the CVE-2023-38606 bug is part of the chain Zero Click exploits used in Triangulation spy campaign on iPhone .

Since the beginning of 2023, the company has already fixed ten zero-day vulnerabilities exploited to hack iPhone, Mac or iPad:

1. three zero-day vulnerabilities ( CVE-2023-32434 , CVE-2023-32435 And CVE-2023-32439 ) in June;
2. three more zero-day vulnerabilities ( CVE-2023-32409 , CVE-2023-28204 And CVE-2023-32373 ) in May;
3. two zero-day vulnerabilities ( CVE-2023-28206 And CVE-2023-28205 ) in April;
4. and another zero-day WebKit vulnerability ( CVE-2023-23529 ) in February.

The list of devices affected by today’s two zero days fixed is quite extensive and includes a wide range of iPhone and iPad models, as well as Mac computers running macOS Big Sur, Monterey and Ventura.