⚡ TL;DR | Go Straight to the Apple Vulnerability Report
Apple has released security updates addressing 2 exploited zero-day vulnerabilities in MacOS, iOS, iPadOS, and Safari that could lead to arbitrary code execution. If successfully exploited, these vulnerabilities could lead to arbitrary code execution with kernel privileges on targetted devices. This could in turn compromise and corrupt sensitive data or even lead to system crashes. A new report has been added to your Lansweeper installation to help you locate potentially vulnerable devices.
Apple Vulnerability CVE-2023-28206 & CVE-2023-28205
The vulnerability tracked as CVE-2023-28206 is an out-of-bounds write vulnerability in IOSurfaceAccelerator. If successfully exploited, it could allow an attacker to execute arbitrary code with kernel privileges using maliciously crafted apps. Since this is the highest level of privilege in the operating system, this would boil down to a complete device takeover.
CVE-2023-28205 is a use-after-free issue in WebKit. It could lead to arbitrary code execution if a threat actor were to trick their target into loading malicious web pages. Apple is aware that both of these vulnerabilities may have been exploited in the wild.
Update Vulnerable Devices
Apple has released the security updates macOS Ventura 13.3.1, Monterey 12.6.5, and Big Sur 11.7.6, and iOS and iPadOS 16.4.1. Any older versions are vulnerable to the vulnerabilities mentioned above. Later on, Apple also released the updates for iOS 15.7.5 for iOS and iPadOS on older devices. It’s worth noting that the updates for macOS Monterey and Big Sur only address CVE-2023-28206.
You can find detailed instructions on how to install the updates on Apple’s Security Updates page. You are advised to apply the updates as soon as possible on any of the following devices:
- macOS Monterey, Ventura, and Big Sur
- iPhone 8 and later
- iPad Pro all models
- iPad Air 3rd generation and later
- iPad 5th generation and later
- iPad mini 5th generation and later
- iPhone 6s all models
- iPhone 7 all models
- iPhone SE (1st generation)
- iPad Air 2
- iPad mini (4th generation)
- iPod touch (7th generation)
Safari 16.4.1 Update
On April 7th, Apple also released Safari 16.4.1 for macOS Big Sur and macOS Monterey to address CVE-2023-28205. Any earlier versions of Safari are also vulnerable. Apple once again reports that this issue may have been actively exploited. The audit report below will give you an overview of all installations of Safari in your network and their versions.
Discover Vulnerable Apple Devices
Based on the information shared by Apple regarding the vulnerabilities, we have created a special Lansweeper report that lists all macOS, iOS, and iPadOS devices that are still vulnerable to the vulnerabilities described above. This way you have an actionable list of assets that still need to be updated.