In today’s SensCy Cyber Alert, your SensCy team urges Apple product users to install the new updates immediately. The new update remediates THREE new zero-day vulnerabilities in the iOS, macOS, iPadOS, watchOS, and tvOS that have been exploited in the wild.
CVE-2023-28204: an out-of-bounds read was issued in the WebKit that could disclose sensitive information.
CVE-2023-32409: is a WebKit flaw that a threat actor could exploit to break out of the Web Content sandbox.
CVE-2023-32373: could lead to arbitrary code execution when procession malicious web content.
The updates are available in version iOS 16.5, iPadOS 16.5, macOS Ventura 13.4, Safari 16.5, watchOS 9.5
In addition, the patches are available for older devices:
iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Macs running macOS Big Sur, Monterey, and Ventura
Apple Watch Series 4 and later; Apple TV 4K (all models) and Apple TV HD
What is a zero-day vulnerability?
In cybersecurity, a zero-day vulnerability refers to a vulnerability in a system or device that has been disclosed but not yet patched. The vulnerability was discovered before developers and security researchers were aware of it and could provide a patch/update.
How to check for new updates:
SensCy highly recommends turning on the Automatic Updates on all Apple devices and products.
On your iPhone/iPad, go to the Settings App, scroll down to General, Click Software Update, Turn on Automatic Updates, and Download iOS 16.5
If you need additional information, use these Apple links:
iPhone/ iPad: macOS