{"id":31647,"date":"2023-09-08T10:53:12","date_gmt":"2023-09-08T08:53:12","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=31647"},"modified":"2023-09-08T11:07:13","modified_gmt":"2023-09-08T09:07:13","slug":"security-updates-for-macos-ios-ipados-close-two-0-days-from-nso-group-pegasus-spyware","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2023\/09\/08\/security-updates-for-macos-ios-ipados-close-two-0-days-from-nso-group-pegasus-spyware\/","title":{"rendered":"Security updates for macOS, iOS\/iPadOS close two 0-Days from NSO-Group (Pegasus Spyware)"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2012\/07\/Apple.jpg\" width=\"58\" height=\"58\" align=\"left\" \/>Apple has released another slew of security updates for its macOS, iOS\/iPadOS and also WatchOS operating systems as of September 7, 2023. These updates fix two 0-day vulnerabilities that were abused by NSO Group's Pegasus spyware to monitor mobile devices.<\/p>\n<p><!--more--><\/p>\n<p>Apple's September 7, 2023 security updates are listed on <a href=\"https:\/\/support.apple.com\/en-us\/HT201222\" target=\"_blank\" rel=\"noopener\">this company security page<\/a>. Here is a brief overview of these updates:<\/p>\n<ul>\n<li><a href=\"https:\/\/support.apple.com\/kb\/HT213906\" target=\"_blank\" rel=\"noopener\">macOS Ventura 13.5.2<\/a>: The vulnerability CVE-2023-41064 (buffer overflow in the Mac operating system reported by Citizen Lab at the University of Toronto's Munk School has been closed. Processing a manipulated image can lead to the execution of arbitrary code. Apple is aware of a report that this issue may have been actively exploited.<\/li>\n<li><a href=\"https:\/\/support.apple.com\/kb\/HT213905\" target=\"_blank\" rel=\"noopener\">OS 16.6.1 and iPadOS 16.6.1<\/a>: These updates for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5 also close the CVE-2023-41064 vulnerability outlined above.<\/li>\n<li><a href=\"https:\/\/support.apple.com\/kb\/HT213907\" target=\"_blank\" rel=\"noopener\">watchOS 9.6.2<\/a>: Fixed a validation issue (CVE-2023-41061) in the operating system for Apple Watch Series 4 and later. A maliciously crafted attachment could lead to the execution of arbitrary code. Apple is aware of a report that this issue may have been actively exploited.<\/li>\n<\/ul>\n<p>The Record has published some more notes on the CVE-2023-41064 vulnerability discovered by Citizen Lab in <a href=\"https:\/\/therecord.media\/apple-discloses-two-zero-days-in-new-updates\" target=\"_blank\" rel=\"noopener\">this post<\/a>. The post from Citizen Lab about the 0-day exploit may be <a href=\"https:\/\/citizenlab.ca\/2023\/09\/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild\/\">found here<\/a>. The vulnerabilities mentioned above and now closed could be abused by NSO Group's Pegasus spyware to monitor mobile devices.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apple has released another slew of security updates for its macOS, iOS\/iPadOS and also WatchOS operating systems as of September 7, 2023. These updates fix two 0-day vulnerabilities that were abused by NSO Group's Pegasus spyware to monitor mobile devices.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[448,26,923,580,22],"tags":[27,1232,69,195],"class_list":["post-31647","post","type-post","status-publish","format-standard","hentry","category-devices","category-ios","category-macos","category-security","category-update","tag-ios-2","tag-macos","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/31647","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=31647"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/31647\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=31647"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=31647"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=31647"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}