Par Apple Zero-Days Under Active Exploit; Patch & Opdater i overensstemmelse hermed

Den 7. april udgav Apple to sikkerhedsopdateringer, der advarer om to nul-dages sårbarheder under aktiv udnyttelse i naturen. Den 10. april blev disse tilføjet til Cybersecurity and Infrastructure Security Agency (CISA) listen over kendte udnyttede sårbarheder (KEV).

Virkningen af to sårbarheder er udbredt, der påvirker macOS Ventura 13.3.1 til Apple Macs, ud over operativsystemerne iOS 16.4.1 og iPadOS 16.4.1, der bruges til at køre iPhones og iPads, ifølge Apple.

Den første fejl, CVE-2023-28205, er en fejl i Apple iOS, iPad OS, macOS og Safari WebKit, der kan føre til kodeinjektion, mens behandler ondsindet webindhold, forklarede CISA. Sekundet, CVE-2023-28206, påvirker Apple iOS, iPadOS og macOS IOSurfaceAccelerator, der bekymrende nok kunne tillade en ondsindet app at udføre kode med kernerettigheder, sagde CISA.

Apple has issued updates for iOS 16 and iPad OS 16. Other macOS versions including Big Sur Monterey, and Ventura have patches that need to be installed, and as Sophos pointed out in a separate advisory, it’s still unclear whether the bugs will påvirke iOS 15-brugere med ældre enheder.

Begge problemer blev rapporteret af Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab, giving cybersecurity experts reason to believe the flaws are being exploited by state actors to deploy spyware.

“It is interesting that Amnesty International’s Security Lab was one of the organizations involved in finding reporting the issue,” Mike Parkin, senior technical engineer with Vulcan Cyber explained in a statement provided to Dark Reading. “While Apple hasn’t said much about the exploits, it seems likely, given the reporting and earlier history, that the exploits were deployed by state-level threat actors.”

• SEO Powered Content & PR Distribution. Bliv forstærket i dag.
• Platoblokkæde. Web3 Metaverse Intelligence. Viden forstærket. Adgang her.
• Kilde: https://www.darkreading.com/application-security/pair-apple-zero-days-active-exploit-patch-accordingly-