Apple has always been known for its state-of-the-art technology, and the brand’s devices have become an integral part of our daily lives. However, with digital security becoming increasingly vital, the recent discovery of two zero-day vulnerabilities impacting several Apple devices is cause for concern. In this article, we’ll discuss these vulnerabilities, how they can be exploited, and what you can do to protect your Apple device.
The two zero-day vulnerabilities, CVE-2023-28205 and CVE-2023-28206, were discovered by Clément Lecigne of Google’s Threat Analysis Group and Donncha o Cearbhaill of Amnesty International’s Security Lab. Both vulnerabilities have been actively exploited by hackers, which puts Apple on high alert.
CVE-2023-28205 is a use-after-free vulnerability found in WebKit. This vulnerability can be exploited by attackers who can trick users into visiting malicious websites under their control, resulting in the execution of malware on the infiltrated computer. In other words, visiting a hacked website is all it takes for hackers to take over your device.
CVE-2023-28206 is an out-of-bounds write vulnerability found in IOSurfaceAccelerator. An application can exploit this vulnerability by exceeding the boundaries of IOSurfaceAccelerator, allowing attackers to execute arbitrary code with kernel privileges. This gives hackers the highest level of access to your device, effectively putting it under their control.
Apple has taken swift action to address these vulnerabilities. The latest versions of iOS (16.4.1), iPadOS (16.4.1), macOS Yosemite (13.3.1), and Safari (16.4.1) have been updated with enhanced input validation and memory management to resolve these issues.
It’s worth noting that a similar problem, CVE-2023-23529, was identified in February, and Apple issued critical security upgrades to resolve it. This WebKit type confusion problem was fixed by the tech giant by implementing enhanced checks.
Who Is Impacted?
Several Apple devices have been impacted, including:
- iPhone 8 and subsequent models,
- all models of iPad Pro,
- iPad Air models starting with the 3rd generation and later,
- iPad models starting with the 5th generation and later,
- iPad mini models starting with the 5th generation and later,
- and Macs running macOS Vista
Protecting Your Device
Apple has advised all users to promptly upgrade their devices to the latest operating system to guard against the possibility of exploitation. Keep in mind that maintaining a proactive approach to cybersecurity and updating your device with the most recent software patches and updates is essential.
In conclusion, the discovery of these two zero-day vulnerabilities in Apple devices is concerning, but the company has taken quick action to resolve them. Make sure to upgrade your device as soon as possible, and keep your software up to date to protect your device from potential attacks.