Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group’s Pegasus mercenary spyware.
The issues are described as follows –
- CVE-2023-41061 – A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment.
- CVE-2023-41064 – A buffer overflow issue in the Image I/O component that could result in arbitrary code execution when processing a maliciously crafted image.
The updates are available for the following devices and operating systems –
Cupertino has so far fixed a total of 13 zero-day bugs in its software since the start of the year. The latest updates also arrive more than a month after the company shipped fixes for an actively exploited kernel flaw (CVE-2023-38606).
News of the zero-days comes as the Chinese government is believed to have ordered a ban prohibiting central and state government officials from using iPhones and other foreign-branded devices for work in an attempt to reduce reliance on overseas technology and amid an escalating Sino-U.S. trade war.
Source: https://thehackernews.com/