Apple Releases Patch for Actively Exploited Flaw in iOS, macOS, and Safari


June 22, 2023 | Ravie Lakshmanan | Endpoint Vulnerability / Security


Apple on Wednesday released a batch of updates for iOS, iPadOS, macOS, watchOS, and the Safari browser to address a set of flaws it says are being actively exploited in the wild.

This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the campaign is unknown.

  • CVE-2023-32434 – An integer overflow vulnerability in the Kernel that could be exploited by a malicious application to execute arbitrary code with kernel privileges.
  • CVE-2023-32435 – A memory corruption vulnerability in WebKit that could lead to arbitrary code execution when processing specially crafted web content.

The iPhone maker said it was aware that the two issues “may have been actively exploited against iOS versions released prior to iOS 15.7,” crediting Kaspersky researchers Georgy Kucherin, Leonid Bezvershenko, and Boris Larin for reporting them.

The push comes as the Russian cybersecurity vendor dissects spyware implants used in a zero-click attack campaign targeting iOS devices via iMessages carrying attachments embedded with exploits for remote code execution (RCE) vulnerabilities.

The exploit code is also engineered to download additional components to gain root privileges on the target device, after which a backdoor is installed in memory and the initial iMessage is wiped to hide traces of infection.

The advanced implant, called TriangleDB, operates only in memory, leaving no traces of activity after a device reboot. It also comes with a variety of data collection and tracking capabilities.


This includes “interacting with the device’s file system (including file creation, modification, exfiltration, and deletion), managing processes (registration and termination), extracting keychain items to collect victim credentials, and monitoring victim geolocations, among other things.”

Also patched by Apple is a third zero-day, CVE-2023-32439, which was reported anonymously and could result in arbitrary code execution when processing malicious web content.

The actively exploited flaw, described as a type confusion issue, has been addressed with improved checks. The updates are available for the following platforms –

With the latest round of fixes, Apple has resolved a total of nine zero-day flaws in its products since the start of the year.

In February, the company patched a WebKit flaw (CVE-2023-23529) that could lead to remote code execution. In April, it released updates for two bugs (CVE-2023-28205 and CVE-2023-28206) that allowed code execution with elevated privileges.

Subsequently, in May, it shipped patches for three more vulnerabilities in WebKit (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373) that could allow threat actors to escape sandbox protections, access sensitive data, and execute arbitrary code.
