Apple Products Multiple Vulnerabilities
RISK: Extremely High Risk
TYPE: Operating Systems - Mobile & Apps
Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution on the targeted system.
Note:
CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439 are being exploited in the wild. These vulnerabilities are related to the Kernel and WebKit components that may lead to arbitrary code execution. Threat actors may exploit the kernel vulnerability to execute arbitrary code with kernel privileges. For vulnerabilities of WebKit component, threat actors may execute arbitrary code on target device when the WebKit component processes a maliciously crafted web content. Kaspersky discovered these vulnerabilities were related to Operation Triangulation attack campaign.
Impact
- Remote Code Execution
System / Technologies affected
- Versions prior to Safari 16.5.1
- Versions prior to iOS 16.5.1 and iPadOS 16.5.1
- Versions prior to iOS 15.7.7 and iPadOS 15.7.7
- Versions prior to macOS Ventura 13.4.1
- Versions prior to macOS Monterey 12.6.7
- Versions prior to macOS Big Sur 11.7.8
- Versions prior to watchOS 9.5.2
- Versions prior to watchOS 8.8.1
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- Safari 16.5.1
- iOS 16.5.1 and iPadOS 16.5.1
- iOS 15.7.7 and iPadOS 15.7.7
- macOS Ventura 13.4.1
- macOS Monterey 12.6.7
- macOS Big Sur 11.7.8
- watchOS 9.5.2
- watchOS 8.8.1
Vulnerability Identifier
Source
Related Link
- https://support.apple.com/en-us/HT213808
- https://support.apple.com/en-us/HT213809
- https://support.apple.com/en-us/HT213810
- https://support.apple.com/en-us/HT213811
- https://support.apple.com/en-us/HT213812
- https://support.apple.com/en-us/HT213813
- https://support.apple.com/en-us/HT213814
- https://support.apple.com/en-us/HT213816
沒有留言:
發佈留言