Apple has released emergency updates to address two zero-day vulnerabilities that were actively exploited in the wild. The first zero-day, tracked as CVE-2023-28206, is an out-of-bounds write weakness in IOSurfaceAccelerator that enables threat actors to execute arbitrary code with kernel privileges on targeted devices via maliciously crafted apps. The second zero-day, tracked as CVE-2023-28205, is a WebKit use-after-free vulnerability that can let threat actors execute malicious code on compromised iPhones, Macs, or iPads after tricking their targets into loading malicious web pages. This threatfeed provides a detailed overview of the two zero-day flaws and their impact on affected devices.
The first zero-day flaw is an out-of-bounds write weakness in IOSurfaceAccelerator, which is a kernel extension used to accelerate image and video processing. This flaw allows threat actors to execute arbitrary code with kernel privileges on targeted devices via maliciously crafted apps. By exploiting this vulnerability, attackers can bypass security restrictions and gain access to sensitive data stored on the device. This flaw affects all devices running iOS, iPadOS, and macOS, including older iPhones, iPads, and Macs.
The second zero-day flaw is a WebKit use-after-free vulnerability that can let threat actors execute malicious code on compromised iPhones, Macs, or iPads after tricking their targets into loading malicious web pages. This flaw is caused by a memory management issue in WebKit, a browser engine used by Apple's Safari browser. Attackers can use this vulnerability to remotely execute arbitrary code on the target device, potentially allowing them to steal sensitive information or install malware. This flaw affects all devices running iOS, iPadOS, and macOS, including older iPhones, iPads, and Macs. Apple has also previously addressed a similar WebKit zero-day vulnerability on older iPhones.
The zero-day flaws have a severe impact on affected devices, as they allow attackers to execute arbitrary code with kernel privileges or remotely execute arbitrary code on the target device. By exploiting these vulnerabilities, attackers can gain access to sensitive data stored on the device, including passwords, emails, and messages. Additionally, attackers can install malware on the device, allowing them to control it remotely and steal further information.
Apple has released emergency updates to address these zero-day vulnerabilities, which are now patched on devices running iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, and macOS Big Sur 11.7.6. The security patches include improvements to input validation and memory management, which address the underlying vulnerabilities. The company has also provided a list of devices that are now patched, including iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), iPod touch (7th generation), and Macs running macOS Monterey and Big Sur.
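The fixed releases listed above can be turned into a fleet check. The following is an added example, not Apple's or this page's own code: it classifies each device in an inventory against the patched versions named in this article, and reports OS branches the article does not list as "not-covered" rather than guessing. The CSV layout, hostnames and sample versions are constructed assumptions.

```python
import csv
import io

# Fixed releases named in the article, keyed by (platform, major version).
FIXED = {
    ("ios", 15): (15, 7, 5),
    ("ipados", 15): (15, 7, 5),
    ("macos", 12): (12, 6, 5),  # Monterey
    ("macos", 11): (11, 7, 6),  # Big Sur
}

def parse_version(text):
    """'12.6' -> (12, 6, 0); raises ValueError on non-numeric input."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))

def classify(platform, version):
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"
    fixed = FIXED.get((platform.strip().lower(), v[0]))
    if fixed is None:
        # Branch not listed in the article: check Apple's advisory for it.
        return "not-covered"
    return "patched" if v >= fixed else "vulnerable"

def audit(inventory_csv):
    """Map each host in a host,platform,version CSV to its patch status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["platform"], r["version"]) for r in rows}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """host,platform,version
iphone7-lobby,iOS,15.7.4
ipad-air2-kiosk,iPadOS,15.7.5
mbp-monterey,macOS,12.6
imac-bigsur,macOS,11.7.6
iphone14-exec,iOS,16.4
mac-unknown,macOS,n/a
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:18} {status}")
```

Hosts reported as "not-covered" or "unparseable" need manual review against Apple's security release notes, since this table only holds the versions stated in the article.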
Conclusion

The zero-day flaws discovered in Apple's iOS, iPadOS, and macOS devices have severe consequences for affected users. The vulnerabilities allow attackers to execute arbitrary code with kernel privileges or remotely execute arbitrary code on the target device, potentially allowing them to steal sensitive information or install malware. The emergency security patches released by Apple address these vulnerabilities and include improvements to input validation and memory management. Users are strongly encouraged to update their devices to the latest software versions to ensure they are protected against these vulnerabilities.