Apple ships that recent “Rapid Response” spyware patch to everyone, fixes a second zero-day
2023-07-25 18:18

Two weeks ago, we urged Apple users with recent hardware to grab the company's second-ever Rapid Response patch.

CVE-2023-37450: an anonymous researcher

The next-best thing to zero-click attacks

Technically, code execution bugs that can be triggered by getting you to look at a web page that contains booby-trapped content don't count as so-called zero-click attacks.

The worm therefore quickly overwhelmed the internet by infecting victims over and over again until they were doing little other than attacking everyone else.

A look-and-get-pwned attack, also known as a drive-by install, where merely looking at a web page can invisibly implant malware, even though you don't click any additional buttons or approve any pop-ups, is the next-best thing for an attacker.

If the malware the attackers execute via an initial browser hole is specifically coded to exploit the second bug in the chain, then they immediately escape from any limitations or sandboxing implemented in the browser app by taking over your entire device at the operating system level instead. Typically, that means they can spy on every app you run, and even on the operating system itself, as well as installing their malware as an official part of your device's startup procedure, thus invisibly and automatically surviving any precautionary reboots you might perform.

If guarding against the Triangulation Trojan malware isn't enough to convince you on its own, don't forget that these updates also patch against numerous theoretical attacks that Apple and other Good Guys found proactively, including kernel-level code execution holes, elevation-of-privilege bugs, and data leakage flaws.


News URL

https://nakedsecurity.sophos.com/2023/07/25/apple-ships-that-recent-rapid-response-spyware-patch-to-everyone-fixes-a-second-zero-day/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-27 | CVE-2023-37450 | The issue was addressed with improved checks. | network; low complexity; apple webkitgtk; 8.8 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 68 212 1433 2208 257 4110