Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable

26-09-2023

Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16.

The list of security vulnerabilities is as follows –

  • CVE-2023-41991 – A certificate validation issue in the Security framework that could allow a malicious app to bypass signature validation.
  • CVE-2023-41992 – A security flaw in Kernel that could allow a local attacker to elevate their privileges.
  • CVE-2023-41993 – A WebKit flaw that could result in arbitrary code execution when processing specially crafted web content.

The updates are available for the following devices and operating systems –

There is evidence to suggest that both CVE-2023-41064, a buffer overflow vulnerability in Apple’s Image I/O image parsing framework, and CVE-2023-4863, a heap buffer overflow in the WebP image library (libwebp), could refer to the same bug, according to Isosceles founder and former Google Project Zero researcher Ben Hawkes.

“The good news is that the bug seems to be patched correctly in the upstream libwebp, and that patch is making its way to everywhere it should go,” Hawkes said. “The bad news is that libwebp is used in a lot of places, and it could be a while until the patch reaches saturation.”

 

Source: https://thehackernews.com/