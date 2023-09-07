Ζωή στην πόλη

Η Apple κυκλοφορεί ενημερώσεις ασφαλείας έκτακτης ανάγκης για να διορθώσει τα Zero-Day Exploits

7 Σεπτεμβρίου 2023
Περίληψη:
Apple has released emergency security updates to fix two zero-day vulnerabilities that were actively exploited to deploy NSO Group’s Pegasus spyware onto fully patched iPhones. The vulnerabilities, tracked as CVE-2023-41064 and CVE-2023-41061, allowed attackers to infect iPhones running the latest version of iOS without any interaction from the victim. The exploit involved malicious PassKit attachments containing images sent via iMessage. To protect against targeted attacks, Citizen Lab urged Apple customers to update their devices immediately and activate Lockdown Mode if they are at risk due to their identity or profession. The vulnerabilities were discovered by Apple and Citizen Lab security researchers in the Image I/O and Wallet frameworks. Apple has addressed the flaws in various software versions, including macOS Ventura, iOS, iPadOS, and watchOS. This marks the thirteenth zero-day that Apple has fixed this year to safeguard its devices.

Με περισσότερες λεπτομέρειες:
The two zero-day vulnerabilities, CVE-2023-41064 and CVE-2023-41061, were actively exploited as part of a zero-click exploit chain to deliver the Pegasus spyware onto fully patched iPhones. These bugs allowed threat actors to gain arbitrary code execution on unpatched iPhone and iPad devices.

CVE-2023-41064 is a buffer overflow vulnerability triggered when processing maliciously crafted images, while CVE-2023-41061 is a validation issue that can be exploited through malicious attachments.

Apple has taken swift action to address these vulnerabilities by releasing security updates for macOS Ventura, iOS, iPadOS, and watchOS. The updates include improvements to logic and memory handling to mitigate the risks posed by these zero-days.

Furthermore, Citizen Lab, a nonprofit research organization, has urged Apple customers to promptly update their devices to ensure their security. They have also encouraged individuals who may be at risk of targeted attacks due to their identity or profession to activate Lockdown Mode. This extra layer of protection can help safeguard sensitive data and prevent unauthorized access.

Citizen Lab’s collaboration with Apple in discovering these zero-days highlights the ongoing efforts to enhance security measures and protect users from sophisticated threats. Apple has demonstrated a strong commitment to promptly patching vulnerabilities and ensuring the safety of its devices.

