A new zero-day vulnerability patch has been released for a list of Apple products (iOS, iPadOS, macOS, Safari). Two weeks ago, we reported on the security update Apple provided before the release of iOS 17.0. However, the release of iOS 17.0 ushered in three fresh vulnerabilities, which the company moved immediately to fix.
The vulnerabilities are described as follows:
- Certificate validation issue (CVE-2023-41991): discovered in the Security framework, it can enable a malicious application to bypass signature validation.
- Kernel security flaw (CVE-2023-41992): allows privilege escalation by a local attacker.
- WebKit flaw (CVE-2023-41993): enables the execution of arbitrary code when handling specially crafted content.
Affected devices and the updates provided:
- iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later are said to be affected by these security flaws. Apple has released iOS 16.7 and iPadOS 16.7 as the fix for these devices.
- The vulnerabilities were also detected in iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later. The security fixes Apple released for these devices are iOS 17.0.1 and iPadOS 17.0.1.
- Other security updates released by Apple are macOS Monterey 12.7 and macOS Ventura 13.6; watchOS 9.6.3 and watchOS 10.0.1 for Apple Watch Series 4 and later; and Safari 16.6.1 for macOS Big Sur and macOS Monterey.
The trillion-dollar company credited Bill Marczak of the Citizen Lab at the University of Toronto's Munk School and Maddie Stone from Google’s Threat Analysis Group (TAG).
Apple acknowledged that this issue might have been exploited in the wild against versions before iOS 16.7.
Please let us know your thoughts about this in the comment section.