Apple fights cyberspyware: new updates against full takeover of iPhone and Mac
Zero-day vulnerabilities are no longer a threat to Apple users.
Apple released security updates to address zero-day vulnerabilities used in attacks on iPhone, Mac and iPad.
In a security bulletin, Apple described a WebKit zero-day vulnerability tracked as CVE-2023-37450, which was fixed in a new round of Rapid Security Response (RSR) updates earlier in July. The flaw allows an attacker to execute arbitrary code by getting victims to open malicious web pages.
Another zero-day fixed today is a new kernel vulnerability, CVE-2023-38606, which was used in attacks targeting devices running versions of iOS prior to iOS 15.7.1. The flaw allows an attacker to change important kernel state. Apple fixed the two vulnerabilities by improving checks and state management.
Since the beginning of 2023, the company has already fixed ten zero-day vulnerabilities exploited to hack iPhone, Mac or iPad:
- three zero-day vulnerabilities (CVE-2023-32434, CVE-2023-32435 and CVE-2023-32439) in June;
- three more zero-day vulnerabilities (CVE-2023-32409, CVE-2023-28204 and CVE-2023-32373) in May;
- two zero-day vulnerabilities (CVE-2023-28206 and CVE-2023-28205) in April;
- and another zero-day WebKit vulnerability (CVE-2023-23529) in February.
The list of devices affected by the two zero-days fixed today is quite extensive and includes a wide range of iPhone and iPad models, as well as Mac computers running macOS Big Sur, Monterey and Ventura.