Security News > 2023 > September > Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones
Apple has released updates for iOS and iPadOS, macOS, watchOS, and Safari to fix three zero-day vulnerabilities exploited "Against versions of iOS before iOS 16.7.".
Earlier this month, Apple closed two zero-day vulnerabilities that have been chained together by attackers to deliver NSO Group's Pegasus spyware.
A few days later, Google pushed out a security update for a Chrome zero-day vulnerability exploited in the wild.
The vulnerability is in the WebP image library, and has been reported by Apple Security Engineering and Architecture and The Citizen Lab.
Apple has released iOS 17 this week, and with it some updates to Lockdown Mode, which offers specialized protection to users at risk of highly targeted cyberattacks.
Lockdown Mode now also works on Apple Watch, removes the geolocation data from photos by default, and prevents devices from joining insecure Wi-Fi networks and 2G cellular networks.
News URL
https://www.helpnetsecurity.com/2023/09/22/cve-2023-41992-cve-2023-41991-cve-2023-41993/
Related news
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- Apple's trademark tight lips extend to new iPhone, iPad zero-days (source)
- Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (source)
- Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296) (source)
- Apple: Mercenary spyware attacks target iPhone users in 92 countries (source)
- Apple Alerts iPhone Users in 92 Countries to Mercenary Spyware Attacks (source)
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (source)