Apple has launched a series of urgent security updates that are targeted at iPhones, iPads, Macs, Apple Watches, and Safari browsers. These updates are in response to the discovery of three critical vulnerabilities that are currently under active exploitation by malicious actors.
Bill Marczak of the Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group can be attributed to have discovered and reported the three zero-day bugs, which prompted Apple to release new emergency updates to fix the bugs. This development marks the second high-profile security update released by Apple this month while bringing the total number of zero-days fixed so far this year to 16. In early September, Citizen Lab unearthed evidence of a zero-click vulnerability that allowed the Pegasus spyware, developed by NSO Group, to infiltrate a fully updated iPhone.
The first of these vulnerabilities resides in WebKit, the robust browser engine powering Apple’s Safari browser. Two bugs were located in the WebKit browser engine (CVE-2023-41993) and the Security framework (CVE-2023-41991), which enabled the threat actors to bypass the signature validation and opens the door to arbitrary code execution, a perilous scenario for users’ data and privacy.
The second vulnerability exposes a flaw in the certificate validation process. Attackers can exploit this weakness to allow malicious apps to execute on the affected device. This essentially bypasses the signature validation process, providing hackers with an opportunity to infiltrate the device with their malevolent apps.
The third vulnerability strikes at the very core of the operating system – the kernel. This is the heart of the device, controlling its most fundamental functions. Exploiting this bug grants the attackers with broader access to the kernel, essentially giving them the keys to the kingdom, and paving the way for a more profound breach of the device’s security. Local attackers can exploit the flaw in the Kernel Framework (CVE-2023-41992) to escalate privileges. The most concerning aspect of these vulnerabilities is that they are being used in tandem as part of an exploit chain. According to the official blog post by Citizen Lab on the matter, these vulnerabilities were actively exploited in a spyware campaign targeting the phone of an Egyptian presidential candidate. The spyware in question, known as Predator, is developed by Cytrox, a subsidiary of Intellexa.
According to media reports, the list of impacted devices includes, iPhone 8 and later smartphones, iPad mini 5th generation and later, Macs running macOS Monterey and newer, as well as Apple Watch Series 4 and later. As for Apple, it is aware of the active exploitation, one that is primarily targeting users who are still running iOS 16.7 and earlier versions. In response to this, the tech titan has patched the latest iOS 17, as well as back-ported the bug fixes to earlier versions of its operating systems, including macOS Ventura and Monterey, and watchOS. If you own Apple devices, then you should update them without delay, as this will be the most effective measure to protect your devices against these actively exploited vulnerabilities.
