Security News > 2023 > September > Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones
Apple has released updates for iOS and iPadOS, macOS, watchOS, and Safari to fix three zero-day vulnerabilities exploited "Against versions of iOS before iOS 16.7.".
Earlier this month, Apple closed two zero-day vulnerabilities that have been chained together by attackers to deliver NSO Group's Pegasus spyware.
A few days later, Google pushed out a security update for a Chrome zero-day vulnerability exploited in the wild.
The vulnerability is in the WebP image library, and has been reported by Apple Security Engineering and Architecture and The Citizen Lab.
Apple has released iOS 17 this week, and with it some updates to Lockdown Mode, which offers specialized protection to users at risk of highly targeted cyberattacks.
Lockdown Mode now also works on Apple Watch, removes the geolocation data from photos by default, and prevents devices from joining insecure Wi-Fi networks and 2G cellular networks.
News URL
https://www.helpnetsecurity.com/2023/09/22/cve-2023-41992-cve-2023-41991-cve-2023-41993/
Related news
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Zero-days dominate top frequently exploited vulnerabilities (source)
- Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)