Apple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware.

The updates, which were issued yesterday and should be installed as soon as possible if not already, address as many as three CVE-listed flaws. We've just learned today that the Predator spyware sold by Intellexa used these vulnerabilities to infect at least one target's iPhone.

CVE-2023-41991: According to Apple, "a malicious app may be able to bypass signature validation," and this was fixed by correcting "a certificate validation issue."

CVE-2023-41992: This is a kernel-level privilege escalation hole that was fixed "with improved checks." This can be abused by rogue applications and users to gain the necessary privileges to take full control of a device.

CVE-2023-41993: Apple said "processing web content may lead to arbitrary code execution," which again was addressed "with improved checks." A maliciously crafted webpage could exploit this when someone browses that page on a vulnerable device.

We could see these bugs being chained together: a webpage could inject code that elevates its privileges to kernel level to take over a system, for instance.

Each bug, according to Apple, "may have been actively exploited against versions of iOS before iOS 16.7." However, due to the way the iGiant's various products share various bits of the same code, it's not just iPhones and iOS that are vulnerable: other Apple gear is affected and ought to be patched so that further exploitation is prevented.