www.belgium.be Logo of the federal government

WARNING: APPLE RELEASED SECURITY UPDATES FOR IOS, IPADOS, MACOS AND SAFARI TO ADDRESS AN ACTIVELY EXPLOITED RCE ZERO-DAY VULNERABILITY, PATCH IMMEDIATELY!

Référence: 
Advisory #2023-17
Version: 
1.0
Logiciels concernés : 
iOS version < 16.3.1
iPadOS < 16.3.1
MacOS Ventura < 13.2.1
Safari < 16.3.1
Type: 
Remote code execution (RCE)
CVE/CVSS: 

CVE-2023-23529 CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVE-2023-23514 CVSS N/A (CVSS:3.1 N/A)

Date: 
14/02/2023

Sources

https://support.apple.com/en-gb/HT213638
https://support.apple.com/en-us/HT213635
https://support.apple.com/en-us/HT213633
https://support.apple.com/en-us/HT213638

Risques

On the 13th of February, Apple released security updates for iOS, iPadOS, macOS, and Safari to address CVE-2023-23529, a zero-day flaw reported as actively exploited in the wild. The vulnerability can culminate in arbitrary code execution.

A successful attack has a high impact on all vertices of the CIA triad impacting Confidentiality, Integrity, and availability.

Mobile phones are an interesting target for threat actors especially for espionage campaigns.

The Centre for Cyber security Belgium recommends system administrators to patch vulnerable systems as soon as possible and to analyse system and network logs for any suspicious activity. Organisations should investigate if they suspect an intrusion attempt.

If your organization has already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident

Description

CVE-2023-23529 is a type-confusion issue in WebKit browser engine that could be activated when processing maliciously crafted web content and make possible arbitrary code execution on a vulnerable device by getting the targeted user to access a malicious website.

The iOS and iPadOS update also contains a fix for CVE-2023-23514, a use after free issue in the kernel, which could allow a malicious application to execute arbitrary code with kernel privileges. The vulnerability is now actively exploited to install malware.

The vulnerabilities were addressed by Apple with improved checks and improved memory management

Affected products:

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later,
  • macOS Ventura
  • macOS Big Sur
  • macOS Monterey

Actions recommandées

The Centre for Cyber Security Belgium strongly recommends system administrators to take the following actions:

  • Update vulnerable devices as soon as possible.
  •  Upscale monitoring and detection capabilities to detect any related suspicious activity to ensure a fast response in case of an intrusion.

Références

https://www.securityweek.com/apple-patches-actively-exploited-webkit-zero-day-vulnerability/
https://thehackernews.com/2023/02/patch-now-apples-ios-ipados-macos-and.html