Apple patches exploited bugs in iPhones plus other holes
2023-07-25 21:29

Apple has released fixes for several security flaws that affect its iPhones, iPads, macOS computers, and Apple TV and watches, and warned that some of these bugs have already been exploited.

Apple credits Kaspersky researchers Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin, Leonid Bezvershenko, and Boris Larin with finding this bug, which looks similar to the kernel vulnerability that was used to infect iPhones with TriangleDB spyware and was also uncovered by the same team.

This latest kernel bug, CVE-2023-38606, affects several other Apple products, too, including Macs running macOS Ventura, macOS Monterey, macOS Big Sur, the Apple Watch Series 4 and later, Apple TV 4K, and Apple TV HD. Another vulnerability in WebKit, in tvOS 16, watchOS 9.6, macOS Ventura, iOS 16, and iPadOS 16, tracked as CVE-2023-37450, may also have been exploited before Apple pushed patches, we're told.

Patches are available for all Apple TV 4K models, Apple TV HD boxes, Apple Watch Series 4 and later, and Macs running Ventura.

Previously, Apple fixed this same issue in some iPhones and iPads via a "Rapid security response" in iOS 16.5.1 and iPadOS 16.5.1.

These are the new type of patches that Apple began rolling out in May, with mixed results.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/07/25/apples_pushes_patches/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-27 | CVE-2023-38606 | Unspecified vulnerability in Apple products. This issue was addressed with improved state management. (local; low complexity; apple) | 5.5 |
| 2023-07-27 | CVE-2023-37450 | The issue was addressed with improved checks. (network; low complexity; apple, webkitgtk) | 8.8 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 68 212 1433 2208 257 4110