Apple Patches 3 Zero-Days Possibly Already Exploited
In an advisory released by the company, Apple revealed patches for three previously unknown bugs it says may already have been used by attackers.
Three zero-day vulnerabilities — tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373 — were found in Apple's WebKit browser platform and affect iOS, macOS, and iPad products.
These vulnerabilities affect "iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later," Apple said in one of its new advisories.
CVE-2023-32409 is a vulnerability in which a remote attacker is "able to break out of Web Content sandbox," according to Apple. The vendor said CVE-2023-28204 entails processing Web content that may disclose sensitive information, and for CVE-2023-32373 it warns that processing "maliciously crafted Web content may lead to arbitrary code execution."
Apple said it's aware that the bugs may have already been actively exploited by threat actors but did not elaborate on any of these attacks.
While Apple said that two of the three vulnerabilities were reported by anonymous researchers after they were first addressed, one of them — CVE-2023-32409 — was reported by Clément Lecigne, a security engineer in Google's Threat Analysis Group, and Donncha Ó Cearbhaill, a security researcher and hacker in Amnesty International's Security Lab.