Apple Zero-Day Vulnerability

Published On: September 22, 2023Categories: Cyber Alerts

In today’s SensCy Cyber Alert, your SensCy team urges Apple product users to install the new updates immediately. The new update remediates THREE new zero-day vulnerability in the iOS, macOS, iPadOS, and Safari Browser that have been exploited in the wild by the known mercenary spyware Pegasus.

CVE-2023-41993 a bug in the WebKit browser engine

CVE-2023-41991 a bug in the Security framework allowing threat actors to bypass signature validation using malicious app to conduct arbitrary code execution

CVE-2023-41992 is a flaw in the Kernel Framework, giving APIs and support kernel extensions, it could lead to escalation of privilege.

The updates are iOS 16.5.1 (a), iPadOS 16.5.1 (a), macOS Ventura 13.4.1 (a), and Safari 16.5.2, are available for:

  • iOS 16.7 and iPadOS 16.7. iPhone 8 and later
  • iOS 17.0.1 and iPadOS 17.0.1 iPhone XS and later,
  • macOS Ventura 13.6 and macOS Monteret 12.7
  • watchOS 9.6.3 and watchOS 10.0.1 Apple Watch Series 4 and later
  • Safari 16.6.1

What is a zero-day vulnerability?
In cybersecurity, a zero-day vulnerability refers to a vulnerability in a system or device that has been disclosed but not yet patched. The vulnerability was discovered before developers and security researchers were aware of it and could provide a patch/update.

How to check for new updates:
SensCy highly recommends turning on the Automatic Updates on all Apple devices and products.

On your iPhone/iPad, go to the Settings App, scroll down to General, Click Software Update, Turn on Automatic Updates, and Download iOS 17. If you need additional information, use these Apple links:

iPhone/ iPad: macOS

Related Posts

  • April 19, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team is reviewing latest disclosure of vulnerabilities by WordPress. There were 202 vulnerabilities discovered, including 185 WordPress plugin [...]

  • April 18, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team recommends Google Chrome Browser users to install the new Chrome Version 124 immediately. The new update patches [...]

  • April 10, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Brief, your SensCy team reviewed Adobe latest release of security updates. We recommend installing those updates immediately if you are using [...]