Security News > 2023 > September > Apple backports BLASTPASS zero-day fixes to older iPhones
Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware.
Apple released fixes for the two flaws with macOS Ventura 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2, and CISA published an alert requiring federal agencies to patch by October 2, 2023.
The security updates cover all iPhone 6s models, the iPhone 7, the first generation of the iPhone SE, the iPad Air 2, the fourth generation of the iPad mini, and the seventh generation of the iPod touch.
Three more zero-days in May. Two zero-days in April.
Apple discloses 2 new zero-days exploited to attack iPhones, Macs.
Apple fixes new zero-day used in attacks against iPhones, Macs.
News URL
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-07 | CVE-2023-41064 | Classic Buffer Overflow vulnerability in Apple Ipados and Iphone OS A buffer overflow issue was addressed with improved memory handling. | 7.8 |