Apple has issued an emergency fix for the latest exploited zero-day bug found affecting its software in 2023 — a list that also includes the Operation Triangulation spyware flaws.

Dark Reading Staff, Dark Reading

July 25, 2023

1 Min Read
someone holding a lock in front of the Apple logo
Source: Alberto Garcia Guillen via Shutterstock

Apple has addressed multiple security vulnerabilities in an emergency patch drop, one of which is a zero-day vulnerability tracked as CVE-2023-38606 being actively exploited in the wild.

This is the latest resolved zero-day bug in a series of 11 such flaws affecting its software in 2023 alone. In its advisory, the company noted that the vulnerability can be exploited on iPhones and iPads by an app that may have malicious intentions to potentially modify the sensitive kernel state.

It also stated that this vulnerability was addressed with improved state management, and that "Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1."

Five Kaspersky security researchers were credited with finding the flaw; that team also earlier this year discovered a series of Apple zero-day flaws connected to "Operation Triangulation," a sophisticated iOS cyberespionage spy campaign that proved to be ongoing since 2019. The three relevant vulnerabilities — used to deploy TriangleDB spying implants on iOS devices — are known as CVE-2023-46690CVE-2023-32434, and CVE-2023-32439.

The latest patches are available for multiple Apple products, including the iPhone 8 and later, all iPad Pro models, and the iPad Air 3rd generation, iPad 5th generation, and iPad mini 5th generation and later.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights