Black Arrow Cyber Advisory 29 March 2023 – Apple Patch Multiple Vulnerabilities Across Product Suite, Including One Actively Exploited Vulnerability
Executive Summary
Apple has issued security updates to address multiple vulnerabilities across all of their currently supported devices, plus security updates for some older iOS and Mac devices which no longer receive the latest feature updates. One vulnerability (CVE-2023-23529) has been added to the Cybersecurity & Infrastructure Security Agency’s known exploited vulnerabilities (KEV) catalogue. In addition, patches have been made available for the following products:
Studio Display 16.4: applicable for macOS Ventura 13.3 and later
Safari 16.4: applicable for macOS Big Sur and macOS Monterey
iOS 15.7.4 and iPadOS 15.7.4: applicable for iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
iOS 16.4 and iPadOS 16.4: applicable for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
watchOS 9.4: applicable for Apple Watch Series 4 and later
tvOS 16.4: applicable for Apple TV 4K (all models) and Apple TV HD
macOS Big Sur 11.7.5: applicable for macOS Big Sur
macOS Monterey 12.6.4: applicable for macOS Monterey
macOS Ventura 13.3: applicable for macOS Ventura
Technical Summary
The aforementioned exploited vulnerability, CVE-2023-23529, is a type confusion issue. Type confusion can occur when a piece of code uses an object handed to it without first verifying that the object is of the expected type. As a result, malicious web content can execute code on vulnerable devices.
What’s the risk to me or my business?
Exploitation of this vulnerability can lead to a compromise of data held on the device. As noted in the table, the following devices are vulnerable: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).
What can I do?
Apple users should update their iOS and/or iPadOS to version 15.7.4 for devices impacted by the exploited vulnerability (CVE-2023-23529). For the other vulnerabilities, it is recommended that the latest software updates are applied.
More information regarding CVE-2023-23529 can be found here: https://support.apple.com/en-gb/HT213673
Details of the other addressed vulnerabilities can be found here: https://support.apple.com/en-gb/HT201222
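To check a device inventory against the versions listed above, the following sketch may help. It is an added example, not code from Black Arrow or Apple: the version floors come from this advisory's product list, while the inventory rows, status labels and function names are constructed for illustration. Safari and Studio Display updates are not covered.

```python
# Added example: patch floors come from the advisory's product list; the
# inventory rows, status labels and function names are constructed here.

# Minimum patched version per OS release line (keyed by major version).
PATCHED = {
    "iOS": {15: "15.7.4", 16: "16.4"},
    "iPadOS": {15: "15.7.4", 16: "16.4"},
    "watchOS": {9: "9.4"},
    "tvOS": {16: "16.4"},
    "macOS": {11: "11.7.5", 12: "12.6.4", 13: "13.3"},
}

def parse_version(text):
    """'16.4' -> (16, 4, 0); padding keeps tuple comparison correct."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def patch_status(os_name, version):
    """Classify one device against the advisory's patched versions."""
    lines = PATCHED.get(os_name)
    if lines is None:
        return "unknown-os"
    try:
        current = parse_version(version)
    except ValueError:
        return "unparseable"
    floor = lines.get(current[0])
    if floor is None:
        # Release line not in the advisory: newer than listed, or too old.
        return "newer-release-line" if current[0] > max(lines) else "no-patch-listed"
    return "patched" if current >= parse_version(floor) else "update-required"

# Constructed sample inventory: (hostname, OS, installed version).
INVENTORY = [
    ("iphone-7-reception", "iOS", "15.7.3"),
    ("ipad-air2-warehouse", "iPadOS", "15.7.4"),
    ("iphone-13-sales", "iOS", "16.3.1"),
    ("macbook-finance", "macOS", "13.3"),
    ("imac-design", "macOS", "12.6.3"),
    ("iphone-6-spare", "iOS", "12.5.7"),
]

def devices_needing_action(inventory):
    """Return (hostname, status) for every device that is not patched."""
    results = [(host, patch_status(os_name, ver)) for host, os_name, ver in inventory]
    return [(host, status) for host, status in results if status != "patched"]

if __name__ == "__main__":
    for host, status in devices_needing_action(INVENTORY):
        print(f"{host}: {status}")
```

Devices reported as "no-patch-listed" run a release line for which this advisory lists no update, so they need separate review.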