Security News > 2023 > July > Apple patches exploited bugs in iPhones plus other holes
Apple has released fixes for several security flaws that affect its iPhones, iPads, macOS computers, and Apple TV and watches, and warned that some of these bugs have already been exploited.
Apple credits Kaspersky researchers Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin, Leonid Bezvershenko, and Boris Larin with finding this bug, which looks similar to the kernel vulnerability used to infect iPhones with TriangleDB spyware and also uncovered by the aforementioned team.
This latest kernel bug, CVE-2023-38606, affects several other Apple products, too, including Macs running macOS Ventura, macOS Monterey, macOS Big Sur, the Apple Watch Series 4 and later, Apple TV 4K, and Apple TV HD. Another vulnerability in WebKit, in tvOS 16, watchOS 9.6, macOS Ventura, iOS 16, and iPadOS 16, tracked as CVE-2023-37450, may also have been exploited before Apple pushed patches, we're told.
Patches are available for all Apple TV 4K models, Apple TV HD boxes, Apple Watch Series 4 and later, and Macs running Ventura.
Previously, Apple fixed this same issue in some iPhones and iPads via a "Rapid security response" in iOS 16.5.1 and iPadOS 16.5.1.
These are the new type of patches that Apple began rolling out in May, with mixed results.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/07/25/apples_pushes_patches/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-27 | CVE-2023-38606 | Unspecified vulnerability in Apple products This issue was addressed with improved state management. | 5.5 |
| 2023-07-27 | CVE-2023-37450 | Unspecified vulnerability in Apple products The issue was addressed with improved checks. | 8.8 |