In today’s SensCy Cyber Alert, your SensCy team urges Apple product users to install the new updates immediately. The new update remediate TWO zero-day vulnerabilitIes in the iOS, Macs and iPad iOS that have been exploited in the wild.
CVE-2023-28205 – A use after free issue in WebKit that could lead to arbitrary code execution when processing specially crafted web content.
CVE-2023-28206 – An out-of-bounds write issue in IOSurfaceAccelerator that could enable an app to execute arbitrary code with kernel privileges.
The updates are available in version iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1, and Safari 16.4.1.
In addition, the patches are available for older devices:
iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Macs running macOS Big Sur, Monterey, and Ventura
What is a zero-day vulnerability?
In cybersecurity, a zero-day vulnerability refers to a vulnerability in a system or device that has been disclosed but not yet patched. The vulnerability was discovered before developers and security researchers were aware of it and could provide a patch/update.
How to check for new updates:
SensCy highly recommends turning on the Automatic Update on all Apple devices and products.
On your iPhone/iPad, go to the Settings App, scroll down to General, Click Software Update, Turn on Automatic Updates, and Download iOS 16.2
If you need additional information, use these Apple links:
iPhone/ iPad: macOS