CISA warns of active exploitation of two vulnerabilities in Apple operating systems
The US Cybersecurity and Infrastructure Security Agency has added two new Apple-related vulnerabilities to its catalog and has warned that both are being actively exploited.
The first, CVE-2023-41064, is a buffer overflow vulnerability where a “maliciously crafted image” could lead to arbitrary code execution. This affects Apple products across the entire range, but has been fixed in the following versions of the operating system:
- macOS Monterey 12.6.9
- macOS Big Sur 11.7.10
- macOS Ventura 13.5.2
- iOS 16.6.1
- iPadOS 16.6.1
- iOS 15.7.9
- iPadOS 15.7.9
The second vulnerability, CVE-2023-41061, is a validation issue that could allow a malicious attachment to lead to arbitrary code execution. This bug only affects Apple mobile devices, but has been fixed in the following versions of the operating system:
- watchOS 9.6.2
- iOS 16.6.1
- iPadOS 16.6.1
“These types of vulnerabilities are frequent attack vectors for malicious cyberattacks and pose significant risks to the federal enterprise,” CISA said in a statement.
According to CISA, both vulnerabilities are still being analyzed, but making sure affected devices are running the updated operating system versions should be sufficient in any case.