Jetzt Ausprobieren
Vulnerability

Apple Fixes 3 Exploited Zero-Day Vulnerabilities

3 min. read
22/06/2023
By Laura Libeer
Generic-Apple-Vulnerability

⚡ TL;DR | Go Straight to the Apple Zero-Day Vulnerability Audit Report

Yesterday Apple released a number of security updates for iOS, iPadOS, macOS, watchOS, and their Safari browser to address a set of zero-day vulnerabilities. The issues may already have been exploited in the wild and could lead to arbitrary code execution. They have also been weaponized in the Operation Triangulation mobile surveillance campaign. We have added a new report to Lansweeper to help you find any vulnerable devices.

CVE-2023-32434 and CVE-2023-32435 

The new updates from Apple fix 3 possibly exploited vulnerabilities, but the most important ones are CVE-2023-32434 and CVE-2023-32435. CVE-2023-32434 is an integer overflow vulnerability in the Kernel that a malicious app could exploit to execute arbitrary code with kernel privileges. CVE-2023-32435 is a memory corruption vulnerability in WebKit that could also lead to arbitrary code execution when processing maliciously crafted web content. Apple says that they are aware that these flaws may have already been exploited against versions of iOS released before iOS 15.7. You can find further information via the Apple security updates page.

Operation Triangulation

The vulnerabilities were discovered by security researchers from cybersecurity and digital privacy company Kaspersky during their research into the zero-click attack campaign they call Operation Triangulation. The campaign targets iOS devices using zero-click exploits delivered via iMessage to install malware and gain control over the device and user data. The ultimate goal is to covertly spy on the users.

Update Vulnerable Apple Devices

In order to protect your network, make sure to update all of your devices to the latest version. Apple has released updates for iOS, iPadOS, macOS, watchOS, and Safari. You can find the list of all updates on their security updates page. As always, Apple is not releasing any further information regarding the vulnerabilities addressed, until they have concluded a full investigation and patches and releases are available. You can find a list of all fixed versions below.

Patched VersionAvailable for
Safari 16.5.1macOS Big Sur and macOS Monterey
iOS 16.5.1 and iPadOS 16.5.1iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
iOS 15.7.7 and iPadOS 15.7.7iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
macOS Ventura 13.4.1macOS Ventura
macOS Monterey 12.6.7macOS Monterey
macOS Big Sur 11.7.8macOS Big Sur
watchOS 9.5.2Apple Watch Series 4 and later
watchOS 8.8.1Apple Watch Series 3, Series 4, Series 5, Series 6, Series 7, and SE

Discover Vulnerable Apple Devices

To help you locate vulnerable devices in your network, our technical team has put together a new report. It will give you an actionable list of all iOS, iPadOS, and macOS devices that haven’t been updated to a patched version yet. You can get to the report via the link below. You can also check the version of your Safari installs with the Safari Version Audit report.