Apple releases urgent critical updates to all Apple Products

published: Sept. 21, 2023

Take action: Time for another urgent patch of your Apple devices. Yes, it's a hassle. Yes, you still need to do it.

Learn More

Just a week after releasing iOS 17, Apple has released critical security updates addressing three newly discovered zero-day vulnerabilities.

Two vulnerabilities, tracked as CVE-2023-41993 and CVE-2023-41991 were identified within the WebKit browser engine and Security framework. These vulnerabilities allow attackers to circumvent signature validation via malicious apps or achieve arbitrary code execution through maliciously crafted webpages.

The third vulnerability, tracked as CVE-2023-41992 in the Kernel Framework, responsible for APIs and support for kernel extensions and drivers, enables local attackers to escalate privileges

The impacted devices include

  • iPhone 8 and later,
  • iPad mini 5th generation and later,
  • Macs running macOS Monterey and newer,
  • Apple Watch Series 4 and later.

Apple acknowledged the potential active exploitation of these vulnerabilities, particularly on versions of iOS predating 16.7.

These zero-day vulnerabilities were promptly remedied by Apple in

  • macOS 12.7/13.6,
  • iOS 16.7/17.0.1,
  • iPadOS 16.7/17.0.1,
  • watchOS 9.6.3/10.0.1.

While specific details regarding real-world exploitation remain undisclosed by Apple, it's worth noting that both Citizen Lab and Google's Threat Analysis Group have historically disclosed zero-day vulnerabilities used in targeted spyware attacks. These attacks primarily target high-risk individuals like journalists, opposition politicians, and dissidents.

Apple releases urgent critical updates to all Apple Products