Apple security updates for 0-day vulnerabilities

Summary

Apple has released multiple emergency security patches for three zero-day vulnerabilities affecting iPhone and Mac users. In total, 16 zero-days have been fixed this year.

Two of these zero-days were found in the WebKit browser engine (CVE-2023-41993) and the Security framework (CVE-2023-41991; CVSS v3 9.1, critical). They let adversaries bypass signature validation using malicious apps or gain arbitrary code execution via maliciously crafted webpages.

The other zero-day is located in the Kernel framework (CVE-2023-41992; CVSS v3 9.1, critical). It allows local attackers to escalate privileges on the machine.

Affected devices

  • iPhone 8 and later
  • iPad mini 5th generation and later
  • Macs running macOS Monterey and newer
  • Apple Watch Series 4 and later

Security patches

  • macOS version 13.6
  • iOS version 17.0.1
  • iPadOS version 17.0.1
  • watchOS version 10.0.1