On Thursday, Apple urgently issued security patches for iOS, iPadOS, macOS, and watchOS. These updates were released in response to the exploitation of two previously unknown vulnerabilities in the wild. These flaws were utilized to deploy NSO Group’s Pegasus spyware, often used for mercenary purposes.
Here are the described issues:
CVE-2023-41061: This concerns a validation problem within Wallet. It has the potential to lead to arbitrary code execution if a maliciously crafted attachment is processed.
CVE-2023-41064: This pertains to a buffer overflow problem within the Image I/O component. It could lead to arbitrary code execution when dealing with a maliciously crafted image.
CVE-2023-41064 was identified by the Citizen Lab at the University of Toronto’s Munk School. On the other hand, CVE-2023-41061 was internally detected by Apple, with the Citizen Lab providing “assistance” in the process.
The available updates apply to the following devices and operating systems: iOS 16.6.1 and iPadOS 16.6.1:
Compatible with iPhone 8 and newer models, iPad Pro (all versions), iPad Air starting from the 3rd generation, iPad from the 5th generation onwards, and iPad mini from the 5th generation onwards.
macOS Ventura 13.5.2:
Applicable to macOS devices running macOS Ve
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Compatible with iPhone 8 and newer models, iPad Pro (all versions), iPad Air starting from the 3rd generation, iPad from the 5th generation onwards, and iPad mini from the 5th generation onwards.
macOS Ventura 13.5.2:
Applicable to macOS devices running macOS Ve
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: