With new operating system updates released on Wednesday, Apple has fixed a pair of serious zero-day security bugs that the company says “may have been actively exploited.”
Andrew Cunningham for Ars Technica:
One of the vulnerabilities, CVE-2023-32434, is a kernel-level flaw that can allow apps to “execute arbitrary code with kernel privileges.” The other, a WebKit bug labeled CVE-2023-32439, can allow the execution of arbitrary code after processing “maliciously crafted web content.” The iOS and iPadOS 16.5.1 updates also fix a non-security bug “that prevents charging with the Lightning to USB 3 Camera Adapter.”
The updates aren’t just coming to iPhones, iPads, and Macs running the latest operating systems. Updates fixing the same bugs have been released for iOS and iPadOS 15, plus macOS versions 11 and 12 (via both macOS and Safari updates). Apple also released an update fixing the kernel bug for watchOS 8, which was the last version of the OS that supported the Apple Watch Series 3 (plus newer watches paired to older iPhones that can’t update to iOS 16). Updates for older versions of watchOS are exceedingly rare, highlighting the severity of any kernel-level security flaw.
The iOS and iPadOS 15.7.7 updates also fix a third closely related WebKit bug that allows remote code execution when processing web content, CVE-2023-32435.
MacDailyNews Take: If you haven’t upgraded already, update your various Apple OSes ASAP.
The post Apple fixes zero-day security flaws in iOS, macOS, watchOS, and more appeared first on MacDailyNews.