CISA warns about the exploitation of two errors in the Apple operating system

The US Cybersecurity and Infrastructure Security Agency has added two new Apple-related vulnerabilities to its catalog and has warned that both are being actively exploited.

The first, CVE-2023-41064, is a buffer overflow vulnerability where a “maliciously crafted image” could lead to arbitrary code execution. This affects Apple products across the entire range, but has been fixed in the following versions of the operating system:

  • macOS Monterey 12.6.9
  • macOS Big Sur 11.7.10
  • macOS Ventura 13.5.2
  • iOS 16.6.1
  • iPadOS 16.6.1
  • iOS 15.7.9
  • iPadOS 15.7.9

The second vulnerability, CVE-2023-41061, is a validation issue that could allow a malicious attachment to lead to arbitrary code execution. This bug only affects Apple mobile devices, but has been fixed in the following versions of the operating system:

  • watchOS 9.6.2
  • iOS 16.6.1
  • iPadOS 16.6.1

“These types of vulnerabilities are frequent attack vectors for malicious cyberattacks and pose significant risks to the federal enterprise,” CISA said in a statement.

According to CISA, both vulnerabilities are still being analyzed, but making sure affected devices are running the updated operating system versions should be enough.
