Apple Thwarts Hackers, Eliminates Spy Attack Vulnerabilities

Apple released security updates to eliminate zero-day vulnerabilities used in attacks on the iPhone, Mac, and iPad.

In a security bulletin, Apple described a zero-day vulnerability in WebKit, identified as CVE-2023-37450, which was patched in the latest round of updates released earlier in July. This vulnerability allowed attackers to execute arbitrary code by tricking victims into opening malicious web pages.

Another identified zero-day vulnerability is in the kernel, known as CVE-2023-38606, which was also exploited in attacks targeting devices running iOS versions released prior to iOS 15.7.1. This vulnerability allowed the attacker to alter important kernel states. Apple addressed these two vulnerabilities by enhancing checks and state management.

According to researchers from Kaspersky Great Security, the CVE-2023-38606 flaw is part of the zero-click exploit chain used in the Triangulation spy campaign on the iPhone.

Since the beginning of 2023, Apple has already patched ten zero-day vulnerabilities that were actively exploited to compromise iPhones, Macs, or iPads:

Month   Vulnerabilities
June    CVE-2023-32434, CVE-2023-32435, CVE-2023-32439
May
