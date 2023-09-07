Stadsleven

Onthulling van nieuwe technologieën en de kracht van AI

Technologie

Apple brengt noodbeveiligingsupdates uit om zero-day-exploits te verhelpen

ByMamfo Brescia

September 7, 2023
Apple brengt noodbeveiligingsupdates uit om zero-day-exploits te verhelpen

Overzicht:
Apple has released emergency security updates to fix two zero-day vulnerabilities that were actively exploited to deploy NSO Group’s Pegasus spyware onto fully patched iPhones. The vulnerabilities, tracked as CVE-2023-41064 and CVE-2023-41061, allowed attackers to infect iPhones running the latest version of iOS without any interaction from the victim. The exploit involved malicious PassKit attachments containing images sent via iMessage. To protect against targeted attacks, Citizen Lab urged Apple customers to update their devices immediately and activate Lockdown Mode if they are at risk due to their identity or profession. The vulnerabilities were discovered by Apple and Citizen Lab security researchers in the Image I/O and Wallet frameworks. Apple has addressed the flaws in various software versions, including macOS Ventura, iOS, iPadOS, and watchOS. This marks the thirteenth zero-day that Apple has fixed this year to safeguard its devices.

Meer gedetailleerd:
The two zero-day vulnerabilities, CVE-2023-41064 and CVE-2023-41061, were actively exploited as part of a zero-click exploit chain to deliver the Pegasus spyware onto fully patched iPhones. These bugs allowed threat actors to gain arbitrary code execution on unpatched iPhone and iPad devices.

CVE-2023-41064 is a buffer overflow vulnerability triggered when processing maliciously crafted images, while CVE-2023-41061 is a validation issue that can be exploited through malicious attachments.

Apple has taken swift action to address these vulnerabilities by releasing security updates for macOS Ventura, iOS, iPadOS, and watchOS. The updates include improvements to logic and memory handling to mitigate the risks posed by these zero-days.

Furthermore, Citizen Lab, a nonprofit research organization, has urged Apple customers to promptly update their devices to ensure their security. They have also encouraged individuals who may be at risk of targeted attacks due to their identity or profession to activate Lockdown Mode. This extra layer of protection can help safeguard sensitive data and prevent unauthorized access.

Citizen Lab’s collaboration with Apple in discovering these zero-days highlights the ongoing efforts to enhance security measures and protect users from sophisticated threats. Apple has demonstrated a strong commitment to promptly patching vulnerabilities and ensuring the safety of its devices.

Bronnen:
– Citizen Lab: [insert source URL]
– Apple: [insert source URL]

By Mamfo Brescia

Verwant bericht

Technologie

Epic Games Chief Creative Officer Donald Mustard gaat met pensioen

September 9, 2023 Gabriël Botha
Technologie

Toyota GR Corolla Morizo ​​versus Honda Civic Type-R: een spannende U-Drag-race

September 9, 2023 Mamfo Brescia
Technologie

De openbare bibliotheek van McCracken County biedt gratis computer- en digitale alfabetiseringscursussen voor ouderen

September 9, 2023 Mamfo Brescia

Je miste

Nieuws

Onderzoek naar de toekomst van edge-beveiliging in LAMEA-telecommunicatie

September 9, 2023 0 reacties
Technologie

Epic Games Chief Creative Officer Donald Mustard gaat met pensioen

September 9, 2023 Gabriël Botha 0 reacties
Technologie

Toyota GR Corolla Morizo ​​versus Honda Civic Type-R: een spannende U-Drag-race

September 9, 2023 Mamfo Brescia 0 reacties
Wetenschap

Uit nieuw onderzoek blijkt dat de combinatie van Piroxicam en Levonorgestrel de effectiviteit van noodanticonceptie verhoogt

September 9, 2023 Vicky Stavropoulou 0 reacties