Apple releases urgent critical updates to all Apple Products
Take action: Time for another urgent patch of your Apple devices. Yes, it's a hassle. Yes, you still need to do it.
Just a week after releasing iOS 17, Apple has released critical security updates addressing three newly discovered zero-day vulnerabilities.
Two vulnerabilities, tracked as CVE-2023-41993 and CVE-2023-41991 were identified within the WebKit browser engine and Security framework. These vulnerabilities allow attackers to circumvent signature validation via malicious apps or achieve arbitrary code execution through maliciously crafted webpages.
The third vulnerability, tracked as CVE-2023-41992 in the Kernel Framework, responsible for APIs and support for kernel extensions and drivers, enables local attackers to escalate privileges
The impacted devices include
Apple acknowledged the potential active exploitation of these vulnerabilities, particularly on versions of iOS predating 16.7.
These zero-day vulnerabilities were promptly remedied by Apple in
While specific details regarding real-world exploitation remain undisclosed by Apple, it's worth noting that both Citizen Lab and Google's Threat Analysis Group have historically disclosed zero-day vulnerabilities used in targeted spyware attacks. These attacks primarily target high-risk individuals like journalists, opposition politicians, and dissidents.