Two known exploited critical vulnerabilities fixed in Apple products
CVE-2023-28205
CVE-2023-28206
Sources
Apple: macOS Big Sur 11.7.6 - https://support.apple.com/en-us/HT213725
Apple: iOS 15.7.5 and iPadOS 15.7.5 - https://support.apple.com/en-us/HT213723
Apple: macOS Monterey 12.6.5 - https://support.apple.com/en-us/HT213724
Apple: Safari 16.4.1 - https://support.apple.com/en-us/HT213722
Apple: iOS 16.4.1 and iPadOS 16.4.1 - https://support.apple.com/en-us/HT213720
Apple: macOS Ventura 13.3.1 - https://support.apple.com/en-us/HT213721
Risks
Apple has released security updates for iOS, iPadOS, macOS, and Safari to address two critical vulnerabilities. Apple has stated they are aware these issues are actively exploited. CISA has added these vulnerabilities to their Known Exploited Vulnerabilities (KEV) list.
These vulnerabilities could allow an attacker to run malicious code on a vulnerable device and elevate their privileges.
Description
CVE-2023-28205
* A flaw in "IOSurfaceAccelerator" might allow an app to execute code with kernel privileges.
CVE-2023-28206
* Executing maliciously crafted web content may lead to arbitrary code execution.
Recommended actions
The Centre for Cybersecurity Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyse system and network logs for any suspicious activity.
Update the installation to one of the latest versions:
* macOS Big Sur 11.7.6
* macOS Monterey 12.6.5
* iOS 15.7.5 and iPadOS 15.7.5
* Safari 16.4.1
* iOS 16.4.1 and iPadOS 16.4.1
* macOS Ventura 13.3.1
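An added example, not part of the advisory: a small inventory check that compares reported OS and Safari versions against the fixed releases listed above. The inventory format, hostnames and status labels are assumptions; versions are compared numerically, so 11.7.10 is correctly treated as newer than 11.7.6.

```python
# Added example: fixed versions copied from the advisory's update list,
# keyed by (product, major version). Any other branch is "unlisted".
FIXED = {
    ("macos", 11): (11, 7, 6), ("macos", 12): (12, 6, 5),
    ("macos", 13): (13, 3, 1), ("safari", 16): (16, 4, 1),
    ("ios", 15): (15, 7, 5), ("ios", 16): (16, 4, 1),
    ("ipados", 15): (15, 7, 5), ("ipados", 16): (16, 4, 1),
}

def parse_version(text):
    """'13.3' -> (13, 3, 0). Raises ValueError on anything non-numeric."""
    tokens = text.split()
    parts = [int(p) for p in tokens[0].split(".")] if tokens else []
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"cannot parse version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def classify(product, version):
    """Return 'patched', 'update-required' or 'unlisted'."""
    v = parse_version(version)
    fixed = FIXED.get((product.lower(), v[0]))
    if fixed is None:
        return "unlisted"  # branch not named in the advisory: review by hand
    return "patched" if v >= fixed else "update-required"

def audit(inventory):
    """Return (host, product, version, status) for every host not 'patched'."""
    findings = []
    for host, product, version in inventory:
        try:
            status = classify(product, version)
        except ValueError:
            status = "unparseable"
        if status != "patched":
            findings.append((host, product, version, status))
    return findings

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = [
    ("mac-01", "macOS", "13.3"), ("mac-02", "macOS", "12.6.5"),
    ("mac-03", "macOS", "11.7.10"), ("phone-01", "iOS", "16.4"),
    ("tablet-01", "iPadOS", "15.7.5"), ("mac-04", "macOS", "10.15.7"),
    ("mac-05", "Safari", "16.4"), ("phone-02", "iOS", "unknown"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Hosts reported as "unlisted" run a branch for which the advisory names no fixed release, so they need a manual decision rather than an automatic pass.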
References
CISA - https://www.cisa.gov/news-events/alerts/2023/04/10/cisa-adds-two-known-e...