Apple has released security updates for Apple iOS 16.3, macOS Ventura 13.2, macOS Big Sur 11.7.3, Safari 16.3, and other products. In addition a zero-day iOS fix was also made available for older iPhones.
A remote attacker could exploit some of these vulnerabilities to take control of unpatched systems.
iPhone zero-day CVE
Apple released a security update for iOS 12.5.7 for older iPhone models to fix a zero-day WebKit vulnerability CVE-2022-42856. Apple warns the CVE may have been exploited in the wild.
“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1,” Apple wrote in the advisory.
The update is available for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) models.
iOS 16.3 and iPad 16.3
The latest iOS 16.3 and iPadOS 16.3 security update fixed 13 vulnerabilities. three of those may allow an attacker to execute arbitrary code. One of those, a Kernel vulnerability CVE-2023-23504, could allow a malicious app to execute arbitrary code with kernel privileges.
The update is available for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
macOS Ventura 13.2
In addition, Apple released a new security update for macOS Ventura 13.2 that patched 26 vulnerabilities.
Two of the flaws could allow a malicious application to execute arbitrary code with kernel privileges: CVE-2023-23507 (Intel Graphics Driver) and CVE-2023-23504 (Kernel).
macOS Big Sur 11.7.3
Apple also published a security update for macOS Big Sur 11.7.3 that patched eight (8) vulnerabilities.
One of the more notable flaws CVE-2023-23513 (dcerpc) could allow the mounting of a maliciously crafted Samba network share to lead to arbitrary code execution.
Moreover, Apple released Safari 16.3 security update for macOS Big Sur and macOS Monterey.
The Safari update addressed three WebKit vulnerabilities that could allow the processing of maliciously crafted web content and arbitrary code execution.
Other Apple security updates
Finally, Apple released additional security updates for these products (along with number of CVEs):
- iOS 15.7.3 and iPadOS 15.7.3 (5 CVEs)
- macOS Monterey 12.6.3 (17 CVEs)
- watchOS 9.3 (12 CVEs)
- tvOS 16.3 (11 CVEs).
Readers can check out additional details by visiting Apple’s Security Updates page.
- Mozilla Releases Firefox 109 With Fixes For 4 High Severity Vulnerabilities
- Microsoft January 2023 Security Updates addresses 98 vulnerabilities (11 rated Critical, 1 zero day)
- Google releases Chrome OS security updates with fixes for 5 High severity vulnerabilities