Warning of Critical Vulnerabilities in Apple Products
The National Cyber Security Centre SK-CERT warns of critical security vulnerabilities in Apple products that could be exploited by attackers for remote code execution, resulting in a complete breach of confidentiality, integrity and availability of affected systems.
These vulnerabilities are currently being actively exploited by attackers.
The security vulnerability tracked as CVE-2023-28205 is located in the WebKit component and allows a remote unauthenticated attacker to execute malicious code by means of specially crafted web content (spoofing), resulting in a complete breach of confidentiality, integrity and availability of the system.
The security vulnerability tracked as CVE-2023-28206 is located in the IOSurfaceAccelerator component and allows an attacker to execute malicious code with administrator privileges by means of a specially crafted application (spoofing), causing a complete breach of confidentiality, integrity and availability of the system.
Below is a list of products and their versions that are affected by the mentioned vulnerabilities:
- iOS versions earlier than 16.4.1
- iPadOS versions earlier than 16.4.1
- Safari versions earlier than 16.4.1
- macOS Ventura versions earlier than 13.3.1
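As an added example (not part of the SK-CERT advisory or of any Apple tooling), the version thresholds listed above can be applied to a device inventory to find the hosts that still need the update. The inventory format, hostnames, sample versions and function names are assumptions made for illustration.

```python
import re

# Minimum fixed versions, taken from the affected-products list above.
FIXED = {
    "ios": (16, 4, 1),
    "ipados": (16, 4, 1),
    "safari": (16, 4, 1),
    "macos": (13, 3, 1),  # the list covers macOS Ventura (13.x) only
}

def parse_version(text):
    """Turn '16.4' or '13.3 (build)' into a 3-tuple of ints, padding with zeros."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def status(product, version):
    """Return 'vulnerable', 'patched' or 'not-listed' for one inventory row."""
    key = product.strip().lower()
    if key not in FIXED:
        return "not-listed"
    v = parse_version(version)
    # Other macOS major versions are outside this list; check their Safari row instead.
    if key == "macos" and v[0] != 13:
        return "not-listed"
    return "vulnerable" if v < FIXED[key] else "patched"

def triage(rows):
    """rows: iterable of (host, product, version). Returns hosts needing the update."""
    return sorted({host for host, product, version in rows
                   if status(product, version) == "vulnerable"})

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("phone-01", "iOS", "16.4"),
    ("phone-02", "iOS", "16.4.1"),
    ("tablet-01", "iPadOS", "16.3.1"),
    ("mac-01", "macOS", "13.3 (constructed-build)"),
    ("mac-02", "macOS", "13.3.1"),
    ("mac-03", "macOS", "12.6.4"),   # not Ventura: not in the list above
    ("mac-03", "Safari", "16.3"),    # but its Safari is below 16.4.1
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A macOS host that is not running Ventura is reported through its Safari row, since Safari is listed separately from macOS Ventura.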
Regarding the mentioned vulnerabilities, the National Cyber Security Centre SK-CERT recommends the following to all users who use vulnerable versions of the Apple products in question:
- immediately update all affected systems;
- do not open unverified email messages or attachments from unknown sources, and do not visit untrusted websites or install unverified applications;
- if you detect a cybersecurity incident, report it to the National Cyber Security Centre SK-CERT at [email protected].
Sources
https://support.apple.com/en-gb/HT213720
https://support.apple.com/en-us/HT213722
https://support.apple.com/en-us/HT213721
https://www.tenable.com/plugins/nessus/174022