Newsnews
Cybersecurity News

New Apple Security Updates Patch Zero-Day Vulnerabilities

Written by: Dode Roden | Published: 23 September 2023 | Modified: 1 December 2023
new-apple-security-updates-patch-zero-day-vulnerabilities
Cybersecurity

Apple devices are once again in need of urgent security updates to protect against three zero-day vulnerabilities that are being actively exploited by hackers. The vulnerabilities affect iPhones, iPads, Macs, Apple Watch, and Safari users.

Key Takeaway

Apple has released urgent security updates to fix three zero-day vulnerabilities actively exploited by hackers. These vulnerabilities can result in unauthorized access to devices and have been used to plant the Predator spyware on the phone of an Egyptian presidential candidate. Earlier this month, Apple also patched a zero-click vulnerability that allowed the installation of the Pegasus spyware. Users are urged to update their Apple devices promptly to protect against these threats.

Vulnerabilities Exploited:

The three vulnerabilities include:

  1. A flaw in WebKit, the browser engine powering Safari.
  2. A certificate validation bug that allows malicious apps to run on affected devices.
  3. A bug that provides broader access to the kernel, the core of the operating system.

These vulnerabilities are part of an exploit chain, where they are combined to gain unauthorized access to a target’s device.

Immediate Action by Apple:

Apple has taken swift action by releasing security updates to address these vulnerabilities. The updates have been made available for iOS 16.7 and earlier, as well as older versions of macOS Ventura and Monterey, and watchOS.

It is worth noting that these updates come shortly after the release of iOS 17, which introduced enhanced security and privacy features to mitigate the risk of cyberattacks, including spyware.

Exploit Used to Plant Predator Spyware:

Google researcher Maddie Stone and Citizen Lab’s Bill Marczak uncovered the three vulnerabilities. In their blog posts, they confirmed that Apple’s latest updates were designed to block an exploit used to plant the Predator spyware on the phone of an Egyptian presidential candidate.

Predator, developed by Cytrox, a subsidiary of Intellexa, is a spyware capable of stealing sensitive data from a targeted individual’s phone. Cytrox and Intellexa were both added to a U.S. government denylist earlier this year, resulting in a ban on U.S. companies doing business with them.

Previous Zero-Day Vulnerability:

In addition to this recent security update, Apple issued another high-profile security update earlier this month. It addressed a zero-click vulnerability that allowed the Pegasus spyware, developed by NSO Group, to be planted on a fully up-to-date iPhone.

This vulnerability, named BLASTPASS by Citizen Lab, was part of an exploit chain that leveraged PassKit, a framework enabling developers to incorporate Apple Pay into their apps.

These security breaches highlight the constant need to update devices to ensure the latest protections against zero-day vulnerabilities. Users are strongly advised to update their Apple devices immediately to stay secure.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post

Related Posts

Apple Addresses Zero-Day Exploits Used In Pegasus Spyware Attack
News

Apple Addresses Zero-Day Exploits Used In Pegasus Spyware Attack

by Lorri Hinman | 8 September 2023
Google Quickly Fixes Zero-Day Exploited By Spyware Vendor
News

Google Quickly Fixes Zero-Day Exploited By Spyware Vendor

by Lucky Stith | 29 September 2023
Microsoft Remains Silent On Exploitation Of Zero-Day Vulnerabilities
News

Microsoft Remains Silent On Exploitation Of Zero-Day Vulnerabilities

by Joscelin Harder | 5 October 2023
Apple Releases Security Updates To Fix Actively Exploited Zero-Day Vulnerabilities
News

Apple Releases Security Updates To Fix Actively Exploited Zero-Day Vulnerabilities

by Raye Loving | 2 December 2023
Zero Day Vulnerability: What is It and How Does It Work?
TECHNOLOGY

Zero Day Vulnerability: What is It and How Does It Work?

by Caterina Nicolas | 29 December 2020
What Are Some Of The Shortcomings Of Antivirus Software Today? Check All That Apply.
TECHNOLOGY

What Are Some Of The Shortcomings Of Antivirus Software Today? Check All That Apply.

by Shina Thies | 11 September 2023
State-backed Hackers Are Exploiting New Ivanti VPN Zero-days — But No Patches Yet
News

State-backed Hackers Are Exploiting New Ivanti VPN Zero-days — But No Patches Yet

by Charita Grinnell | 1 February 2024
How To Get Free Antivirus
TECHNOLOGY

How To Get Free Antivirus

by Courtney Shuck | 11 September 2023

Recent Stories

Learn To Convert Scanned Documents Into Editable Text With OCR
Software Tutorials

Learn To Convert Scanned Documents Into Editable Text With OCR

by Dode Roden | 26 April 2024
Top Mini Split Air Conditioner For Summer
Buyer's Guides

Top Mini Split Air Conditioner For Summer

by Dode Roden | 26 April 2024
Comfortable and Luxurious Family Life | Zero Gravity Massage Chair
Buyer's Guides

Comfortable and Luxurious Family Life | Zero Gravity Massage Chair

by Dode Roden | 26 April 2024
Fintechs and Traditional Banks: Navigating the Future of Financial Services
General Fintech

Fintechs and Traditional Banks: Navigating the Future of Financial Services

by Dode Roden | 18 April 2024
AI Writing: How It’s Changing the Way We Create Content
AI

AI Writing: How It’s Changing the Way We Create Content

by Dode Roden | 3 April 2024
How to Find the Best Midjourney Alternative in 2024: A Guide to AI Anime Generators
Digital Media & Creative Tech

How to Find the Best Midjourney Alternative in 2024: A Guide to AI Anime Generators

by Dode Roden | 28 March 2024
How to Know When it’s the Right Time to Buy Bitcoin
Cryptocurrency

How to Know When it’s the Right Time to Buy Bitcoin

by Dode Roden | 28 March 2024
Unleashing Young Geniuses: How Lingokids Makes Learning a Blast!
Education

Unleashing Young Geniuses: How Lingokids Makes Learning a Blast!

by Dode Roden | 23 March 2024