On September 7, 2023, Apple released another round of security updates for its macOS, iOS/iPadOS and watchOS operating systems. These updates fix two 0-day vulnerabilities that were abused by NSO Group's Pegasus spyware to monitor mobile devices.
Apple's September 7, 2023 security updates are listed on this company security page. Here is a brief overview of these updates:
- macOS Ventura 13.5.2: The vulnerability CVE-2023-41064 (a buffer overflow in the Mac operating system), reported by Citizen Lab at the University of Toronto's Munk School, has been closed. Processing a manipulated image can lead to the execution of arbitrary code. Apple is aware of a report that this issue may have been actively exploited.
- iOS 16.6.1 and iPadOS 16.6.1: These updates for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5 also close the CVE-2023-41064 vulnerability outlined above.
- watchOS 9.6.2: Fixed a validation issue (CVE-2023-41061) in the operating system for Apple Watch Series 4 and later. A maliciously crafted attachment could lead to the execution of arbitrary code. Apple is aware of a report that this issue may have been actively exploited.
The Record has published some more notes on the CVE-2023-41064 vulnerability discovered by Citizen Lab in this post. The post from Citizen Lab about the 0-day exploit may be found here. The vulnerabilities mentioned above and now closed could be abused by NSO Group's Pegasus spyware to monitor mobile devices.