Apple releases emergency fix for three serious iOS and macOS bugs — update your Mac and iPhone now

News
By published

Multiple iOS and macOS security flaws are being abused in the wild, Apple says

Apple store logo on December 30, 2011 in New York City. It is the world's largest publicly traded company designs and sells consumer electronics and computer products.
(Image credit: Songquan Deng via Shutterstock)

Apple has patched three newly discovered zero-day vulnerabilities through which threat actors were allegedly targeting iPhone and Mac users.

In multiple security advisories published on the Apple website, it was said that the flaws were found in the WebKit browser engine (CVE-2023-41993), the Security framework (CVE-2023-41991), and the Kernel framework (CVE-2023-41992). While the first two could be used by threat actors to run arbitrary code execution, the third one could be used to escalate privileges.

In other words, all three allow hackers to run malware on iPhone and Mac devices.

iOS and macOS flaws

The endpoints vulnerable to these flaws include iPhones 8 and newer, iPad mini 5th generation and newer, all Macs from macOS Monterey on, and all Apple Watch Series 4 and newer. To plug the holes, users should bring their macOS to version 12.7/13.6, iOS to version 16.7/17.0.1 iPadOS to version 16.7/17.0.1, and watchOS to version 9.6.3/10.0.1.

"Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7," the security advisory reads. The vulnerabilities were discovered by Citizen Lab’s cybersecurity researcher Bill Marczak, and Google’s Threat Analysis Group’s (TAG) researcher Maddie Stone. 

While the Cupertino giant is yet to disclose any details about the groups exploiting the flaws, as well as their targets, BleepignComputer reminds that TAG usually works on finding flaws used in targeted spyware attacks against high-profile organizations and individuals, including governments, journalists, human rights activists, dissidents, and similar. 

In total, Apple fixed 16 zero-day flaws this year, including two in July, three in June, and three in May. In April, Apple fixed two more zero days, and in February, one. Most flaws were found in its browser engine.

Via: BleepingComputer

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
An option to add Ambient Music buttons to the iOS 18.4 Control Center.
Apple fixes dangerous zero-day used in attacks against iPhones and iPads
Apple's new "Share Item Location" feature for AirTags.
Apple security alert - zero-day patched, so update your devices now
Apple Siri
Update your Apple device now: iOS 18.3.2 fixes a flaw that could be exploited by hackers
An iPhone with a 10:30am alarm ringing next to an Apple Watch that displays the time as 12:42pm
Apple warns "extremely sophisticated attack" hits iPhones and iPads, so update now
An abstract image of a lock against a digital background, denoting cybersecurity.
Apple CPU security issue could let hackers steal user data from browsers
Security
Microsoft reveals more on a potentially major Apple macOS security flaw
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Ray-Ban smart glasses with the Cpperni logo, an LED array, and a MacBook Air with M4 next to ecah other.
ICYMI: the week's 7 biggest tech stories from Twitter's massive outage to iRobot's impressive new Roombas
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
AI writer
Coding AI tells developer to write it himself
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
More about security
Data Breach

Thousands of healthcare records exposed online, including private patient information
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.

AI agents can be hijacked to write and send phishing attacks
Best email services: image of email with one unread message alert

Over 400 million unwanted and malicious emails were received by businesses in 2024
See more latest
Most Popular
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
The X logo next to a silhouette of Elon Musk
Who was really behind the massive X cyberattack? Here’s what experts say about Elon Musk’s claims
Ray-Ban smart glasses with the Cpperni logo, an LED array, and a MacBook Air with M4 next to ecah other.
ICYMI: the week's 7 biggest tech stories from Twitter's massive outage to iRobot's impressive new Roombas
A hand reaching out to touch a futuristic rendering of an AI processor.
Researchers want to embrace Arm's celebrated paradigm for a universal generative AI processor; a puzzling MEGA.mini core architecture
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Nokia 5G 360 Camera
This is the world's first 8K 5G 360 degrees camera - and it is also weatherproof
AI writer
Coding AI tells developer to write it himself
Data Breach
Thousands of healthcare records exposed online, including private patient information
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer