Apple releases emergency fix for three serious iOS and macOS bugs — update your Mac and iPhone now

Apple store logo on December 30, 2011 in New York City. It is the world's largest publicly traded company designs and sells consumer electronics and computer products.
(Image credit: Songquan Deng via Shutterstock)

Apple has patched three newly discovered zero-day vulnerabilities through which threat actors were allegedly targeting iPhone and Mac users.

In multiple security advisories published on the Apple website, it was said that the flaws were found in the WebKit browser engine (CVE-2023-41993), the Security framework (CVE-2023-41991), and the Kernel framework (CVE-2023-41992). While the first two could be used by threat actors to run arbitrary code execution, the third one could be used to escalate privileges.

In other words, all three allow hackers to run malware on iPhone and Mac devices.

iOS and macOS flaws

The endpoints vulnerable to these flaws include iPhones 8 and newer, iPad mini 5th generation and newer, all Macs from macOS Monterey on, and all Apple Watch Series 4 and newer. To plug the holes, users should bring their macOS to version 12.7/13.6, iOS to version 16.7/17.0.1 iPadOS to version 16.7/17.0.1, and watchOS to version 9.6.3/10.0.1.

"Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7," the security advisory reads. The vulnerabilities were discovered by Citizen Lab’s cybersecurity researcher Bill Marczak, and Google’s Threat Analysis Group’s (TAG) researcher Maddie Stone. 

While the Cupertino giant is yet to disclose any details about the groups exploiting the flaws, as well as their targets, BleepignComputer reminds that TAG usually works on finding flaws used in targeted spyware attacks against high-profile organizations and individuals, including governments, journalists, human rights activists, dissidents, and similar. 

In total, Apple fixed 16 zero-day flaws this year, including two in July, three in June, and three in May. In April, Apple fixed two more zero days, and in February, one. Most flaws were found in its browser engine.

Via: BleepingComputer

More from TechRadar Pro

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.