逸耘居, 2023-09-07

Apple Releases Emergency Security Updates for Zero-Day Vulnerabilities

By Robert Andrew

September 7, 2023

Apple has released emergency security updates to address two zero-day vulnerabilities that have been exploited in attacks targeting iPhone and Mac users. These latest fixes bring the total number of patched zero-days this year to 13.

The security flaws were discovered in the Image I/O and Wallet frameworks and are identified as CVE-2023-41064 and CVE-2023-41061. CVE-2023-41064 is a buffer overflow weakness that can be triggered by processing maliciously crafted images, potentially leading to arbitrary code execution on unpatched devices. On the other hand, CVE-2023-41061 is a validation issue that can also result in arbitrary code execution through a malicious attachment.

Apple has addressed these vulnerabilities in various operating system updates, including macOS Ventura 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2. These updates include improvements in logic and memory handling to mitigate the risks associated with the zero-day vulnerabilities.

The impact of these security bugs is significant, as they affect a wide range of devices, including iPhone 8 and later models, the iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, and Macs running macOS Ventura. Apple Watch Series 4 and later models are also affected.

While specific details about the attacks leveraging these vulnerabilities have not been disclosed by Apple, it has acknowledged that CVE-2023-41064 was discovered and reported by Citizen Lab, a research organization known for its findings on Apple zero-days being exploited in targeted attacks.

This is not the first time Apple has addressed zero-day vulnerabilities this year. In July, the company released out-of-band Rapid Security Response (RSR) updates to fix a vulnerability affecting fully patched iPhones, Macs, and iPads. However, these updates initially caused issues with web browsing, and Apple had to release fixed versions of the patches.

