In today’s SensCy Cyber Alert, your SensCy team urges Apple product users to install the new updates immediately. The new update remediates THREE new zero-day vulnerabilities in iOS, macOS, iPadOS, and the Safari browser that have been exploited in the wild by the known mercenary spyware Pegasus.
- CVE-2023-41993: a bug in the WebKit browser engine.
- CVE-2023-41991: a bug in the Security framework allowing threat actors to bypass signature validation using a malicious app to conduct arbitrary code execution.
- CVE-2023-41992: a flaw in the Kernel framework, which provides APIs and support for kernel extensions; it could lead to escalation of privilege.
The updates, iOS 16.5.1 (a), iPadOS 16.5.1 (a), macOS Ventura 13.4.1 (a), and Safari 16.5.2, are available for:
- iOS 16.7 and iPadOS 16.7: iPhone 8 and later
- iOS 17.0.1 and iPadOS 17.0.1: iPhone XS and later
- macOS Ventura 13.6 and macOS Monterey 12.7
- watchOS 9.6.3 and watchOS 10.0.1: Apple Watch Series 4 and later
- Safari 16.6.1
What is a zero-day vulnerability?
In cybersecurity, a zero-day vulnerability refers to a vulnerability in a system or device that has been disclosed but not yet patched. The vulnerability was discovered before developers and security researchers were aware of it and could provide a patch/update.
How to check for new updates:
SensCy highly recommends turning on Automatic Updates on all Apple devices and products.
On your iPhone/iPad, go to the Settings app, scroll down to General, click Software Update, turn on Automatic Updates, and download iOS 17. If you need additional information, use these Apple links:
iPhone/ iPad: macOS