Black Arrow Cyber Advisory 25 July 2023 – Newly Exploited Apple-Zero Day Addressed, Patch Now
Executive Summary
Apple has recently released multiple patches, covering a number of vulnerabilities, including one actively exploited zero-day. The zero-day vulnerability has been found to affect devices running vulnerable versions of iOS, iPadOS, macOS, tvOS, watchOS and Safari. The actively exploited zero-day allows threat actors to obtain the highest privileges available (kernel privileges) on affected devices. Earlier this month, another actively exploited zero day, CVE-2023-37450, was addressed by Apple through a Rapid Security Response update.
What’s the risk to me or my business?
Exploitation of the vulnerability could allow an attacker unauthorised access to sensitive data, allowing them to manipulate or delete important information, or even take over the entire device, compromising the confidentiality, integrity, and availability of the data held by an exploited device. In some cases, threat actors are exploiting the vulnerability to install spyware on vulnerable devices.
What can I do?
Given the widespread use of Apple devices for both corporate and personal use, it is important to prioritise the application of the released patches to protect devices. Apple has also released patches addressing these vulnerabilities for products that are no longer supported. We recommend updating your devices promptly to these latest versions. Apple has acknowledged active exploitation of these vulnerabilities and as such recommends updating immediately. Organisations who do not use Apple devices, but have a bring your own device policy should consider whether this may include Apple devices.
Apple have addressed the zero-day in the following versions:
macOS Ventura 13.5
iOS 16.6
iPadOS 16.6
Safari 16.6
tvOS 16.6
watchOS 9.6
Technical Summary
CVE-2023-38606 – Successful exploitation of this flaw could lead to a threat actor obtaining kernel privileges (the highest available). This allows the malicious actor to “modify sensitive kernel state”.
For information on all vulnerabilities addressed can be found in the following links below:
Further information on the iOS and iPadOS vulnerabilities can be found here:
https://support.apple.com/en-us/HT213841
Further information on the Mac vulnerabilities can be found here:
https://support.apple.com/en-us/HT213843
Further information on the Safari vulnerabilities can be found here:
https://support.apple.com/en-gb/HT213847
Further information on the tvOS vulnerabilities can be found here:
https://support.apple.com/en-gb/HT213846
Further information on the watchOS vulnerabilities can be found here:
https://support.apple.com/en-gb/HT213848
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity