Title: Apple Releases Emergency Updates to Address Zero-Day Flaws Exploited in the Wild
In a bid to address two zero-day flaws that have been exploited in the wild, tech giant Apple has released emergency security updates for its iOS, iPadOS, macOS, and watchOS. These updates come as a response to the discovery of vulnerabilities in Apple devices, including the iPhone and iPad.
One of the flaws identified is a validation issue in Wallet, while the other is a buffer overflow issue in the Image I/O component. Apple discovered CVE-2023-41061 internally, with the assistance of Citizen Lab, and it was found that CVE-2023-41064 by Citizen Lab at the University of Toronto’s Munk School.
To ensure that users are protected, the updates are now available for a range of Apple devices and operating systems. This includes the iPhone 8 and later models, iPad Pro, iPad Air, iPad, and Apple Watch Series 4 and later.
These flaws have already been weaponized through a zero-click iMessage exploit chain known as BLASTPASS. This exploit chain has allowed the deployment of the notorious Pegasus spyware, developed by the NSO Group, on fully-patched iPhones running iOS 16.6. Disturbingly, it has been revealed that these exploits have the ability to bypass Apple’s BlastDoor sandbox framework, which was specifically designed to mitigate zero-click attacks.
This isn’t the first time Apple has faced security challenges. Cupertino has managed to fix a total of 13 zero-day bugs this year alone, highlighting the ongoing need for vigilance in addressing potential vulnerabilities.
In addition to these developments, the Chinese government has reportedly prohibited central and state government officials from using iPhones and other foreign-branded devices for work. Security researchers point out that, despite their reputation for being secure, iPhones have been shown to have vulnerabilities over the years, leading to concerns about their reliability.
As Apple takes important steps to address these vulnerabilities, users are reminded of the importance of keeping their devices updated with the latest security patches. Regularly checking for and installing software updates is an essential part of maintaining security in the ever-evolving digital world.
“Travel aficionado. Incurable bacon specialist. Tv evangelist. Wannabe internet enthusiast. Typical creator.”