Warning of Multiple Vulnerabilities in Apple Products

The National Cyber Security Centre SK-CERT warns of several vulnerabilities in Apple products that could be exploited by attackers for remote code execution or information theft.

Apple has released a patch for several vulnerabilities, including several critical ones that allow attackers to perform several malicious activities, such as denial of service, privilege escalation, remote code execution or information theft.

One of the vulnerabilities, which is tracked as CVE-2023-23529, is currently being actively exploited by attackers.

Individual vulnerabilities have not been assigned a CVSS score yet, but security specialists describe them as high risk. The article will be updated once the CVSS score of individual vulnerabilities is verified.

Individual vulnerabilities are tracked with the following CVE codes:

• CVE-2023-23529
• CVE-2023-23514
• CVE-2023-23522

Below is a list of operating systems and their versions that are affected by mentioned vulnerabilities:

• Apple iOS in all versions before 3.1
• Apple iPadOS in all versions before 3.1
• Apple macOS in all versions before 2.1
• Apple Safari in all versions before 3.1

Regarding the mentioned vulnerabilities, the National Cyber Security Centre SK-CERT recommends the following to all users who use Apple products with the operating system in vulnerable versions:

• immediately update all devices with the vulnerable operating system to the latest version,
• in the event of a cybersecurity incident detection, report the incident to the National Cyber Security Centre SK-CERT at [email protected].

Sources

• https://support.apple.com/en-gb/HT201222
• https://support.apple.com/en-us/HT213635
• https://support.apple.com/en-us/HT213633
• https://support.apple.com/en-us/HT213638
• https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20230214 

« Späť na zoznam