Pair of Apple Zero-Days Under Active Exploit; Patch & Update Accordingly

Unpatched Macs, iPhones, and iPads open to browser takeover and system kernel-level malicious code execution, Apple warns.

Dark Reading Staff, Dark Reading

April 10, 2023


On April 7, Apple released two security updates warning about two zero-day vulnerabilities under active exploit in the wild. By April 10, those were added to the Cybersecurity and Infrastructure Security Agency (CISA) known exploited vulnerabilities (KEV) list.

The impact of the two vulnerabilities is widespread, affecting macOS Ventura 13.3.1 for Apple Macs, in addition to the iOS 16.4.1 and iPadOS 16.4.1 operating systems used to run iPhones and iPads, according to Apple.

The first bug, CVE-2023-28205, is a flaw in Apple iOS, iPadOS, macOS, and Safari WebKit that could lead to code injection while processing malicious Web content, CISA explained. The second, CVE-2023-28206, affects Apple iOS, iPadOS, and macOS IOSurfaceAccelerator and, worryingly, could allow a malicious app to execute code with kernel privileges, CISA said.

Apple has issued updates for iOS 16 and iPadOS 16. Other macOS versions, including Big Sur, Monterey, and Ventura, have patches that need to be installed, and as Sophos pointed out in a separate advisory, it's still unclear whether the bugs will impact iOS 15 users with older devices.

Both issues were reported by Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International's Security Lab, giving cybersecurity experts reason to believe the flaws are being exploited by state actors to deploy spyware.

"It is interesting that Amnesty International's Security Lab was one of the organizations involved in finding and reporting the issue," Mike Parkin, senior technical engineer with Vulcan Cyber, explained in a statement provided to Dark Reading. "While Apple hasn't said much about the exploits, it seems likely, given the reporting and earlier history, that the exploits were deployed by state-level threat actors."
