Apple Fixes 2 More Zero-Day Vulnerabilities

25/07/2023
By Laura Libeer

⚡ TL;DR | Go Straight to the Apple Vulnerability Audit Report

Apple has rolled out a series of security updates for iOS, iPadOS, macOS, tvOS, watchOS, and Safari in response to 2 vulnerabilities. Both of them have already been exploited in the wild. When successfully exploited, the flaws allow an attacker to modify sensitive kernel states. We have added a new report to Lansweeper to help you locate vulnerable devices.

Apple Vulnerabilities CVE-2023-37450 and CVE-2023-38606

The vulnerability tracked as CVE-2023-37450 is a flaw in the WebKit browser engine that was patched earlier this month. An attacker could use this flaw to execute arbitrary code by tricking targets into opening maliciously crafted web pages. Arbitrary code execution attacks can compromise the integrity of sensitive data and files.

CVE-2023-38606 is a kernel vulnerability that has already been exploited in attacks against devices running older versions of iOS. On unpatched devices, the flaw allows attackers to modify sensitive kernel states. CVE-2023-38606 is also connected to the mobile cyber espionage campaign "Operation Triangulation" that we discussed in an earlier Apple vulnerability update.

Update Vulnerable Apple Devices

Apple has released a series of security updates for iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address these vulnerabilities, as well as backported security patches for a zero-day (CVE-2023-32409) affecting tvOS 16.6 and watchOS 9.6 that they already addressed in May. You can find an overview of all patches on Apple’s security page. You can also find all fixed versions listed below.

Fixed version | Product
Safari 16.6 | macOS Big Sur and macOS Monterey
iOS 16.6 and iPadOS 16.6 | iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
iOS 15.7.8 and iPadOS 15.7.8 | iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
macOS Ventura 13.5 | macOS Ventura
macOS Monterey 12.6.8 | macOS Monterey
macOS Big Sur 11.7.9 | macOS Big Sur
tvOS 16.6 | Apple TV 4K (all models) and Apple TV HD
watchOS 9.6 | Apple Watch Series 4 and later
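
The fixed versions listed above work as a minimum version per release train (for example, 15.7.8 for iOS 15 and 16.6 for iOS 16) when checking an inventory export. The Python below is an added example, not part of the original article or of Lansweeper's report; the inventory rows, function names and status labels are constructed for illustration.

```python
import re

# Minimum fixed version per OS and major release train, from the list above.
# Safari is left out; it is versioned separately from the OS.
FIXED = {
    "iOS":     {16: "16.6", 15: "15.7.8"},
    "iPadOS":  {16: "16.6", 15: "15.7.8"},
    "macOS":   {13: "13.5", 12: "12.6.8", 11: "11.7.9"},
    "tvOS":    {16: "16.6"},
    "watchOS": {9: "9.6"},
}

def parse_version(text):
    """'13.4.1 (c)' -> (13, 4, 1); pads to three fields so 16.6 == 16.6.0."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def assess(os_name, version):
    """Return 'patched', 'needs-update' or 'no-fix-listed' for one device."""
    installed = parse_version(version)
    floor = FIXED.get(os_name, {}).get(installed[0])
    if floor is None:
        # No fixed version is listed for this OS or major release:
        # review these devices manually instead of assuming either state.
        return "no-fix-listed"
    return "patched" if installed >= parse_version(floor) else "needs-update"

# Constructed sample inventory rows: (device, OS, installed version).
INVENTORY = [
    ("iphone-01", "iOS", "16.5.1"),
    ("iphone-02", "iOS", "15.7.8"),
    ("ipad-01", "iPadOS", "16.6"),
    ("mac-01", "macOS", "12.6.7"),
    ("mac-02", "macOS", "13.5"),
    ("mac-03", "macOS", "10.15.7"),
    ("watch-01", "watchOS", "9.5.2"),
]

def audit(inventory):
    """Attach a status to every inventory row."""
    return [(dev, os_name, ver, assess(os_name, ver)) for dev, os_name, ver in inventory]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print(*row, sep="\t")
```

Devices reported as no-fix-listed run a release for which the list above names no fixed version, so they need a manual decision.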

Discover Vulnerable Apple Devices

To help you locate vulnerable Apple devices, we have added a new report to Lansweeper. This report will give you an actionable list of iOS, iPadOS and macOS devices that still need updates and are at risk. You can get the report via the link below. You can also check the version of your Safari installs with the Safari Version Audit report.

Apple iOS/iPadOS 16.6 and macOS 13.5 Audit Report