Warning of Multiply Vulnerabilities in Apple Products

The National Cyber Security Centre SK-CERT warns of several vulnerabilities in Apple products that could be exploited by attackers for remote code execution, denial of service or information theft.

Apple has released a patch for several vulnerabilities, including several critical ones that allow attackers to execute several malicious activities – denial of service, privilege escalation, remote code execution, information theft, as well as bypassing security mechanisms.

One of the vulnerabilities, which is tracked as CVE-2022-42856, is currently being actively exploited by attackers.

Vulnerabilities have been assigned various CVSS scores and several of them have the highest score of 9.8.

Individual vulnerabilities are tracked with the following CVE codes:

• CVE-2022-32221
• CVE-2022-42915
• CVE-2023-23499
• CVE-2023-23505
• CVE-2023-23512
• CVE-2022-32915
• CVE-2022-35252
• CVE-2022-35260
• CVE-2022-3705
• CVE-2022-42856
• CVE-2022-42916
• CVE-2023-23493
• CVE-2023-23496
• CVE-2023-23497
• CVE-2023-23498
• CVE-2023-23500
• CVE-2023-23501
• CVE-2023-23502
• CVE-2023-23503
• CVE-2023-23504
• CVE-2023-23506
• CVE-2023-23507
• CVE-2023-23508
• CVE-2023-23510
• CVE-2023-23511
• CVE-2023-23513
• CVE-2023-23517
• CVE-2023-23518
• CVE-2023-23519

Below is a list of operating systems and their versions that are affected by mentioned vulnerabilities:

• Apple iOS in the version earlier and including 12.5.7
• Apple iOS in the version earlier and including 15.7.3
• Apple iOS in the version earlier and including 16.3
• Apple iPadOS in the version earlier and including 15.7.3
• Apple iPadOS in the version earlier and including 16.3
• Apple macOS Big Sur in the version earlier and including 11.7.3
• Apple macOS Monterey in the version earlier and including 6.3
• Apple macOS Ventura in the version earlier and including 13.2
• Apple Safari in the version earlier and including 16.3
• Apple tvOS in the version earlier and including 16.3
• Apple watchOS in the version earlier and including 9.3

Regarding the mentioned vulnerabilities, the National Cyber Security Centre SK-CERT recommends the following to all users who use Apple products with the operating system in vulnerable versions:

• immediately update all devices with the vulnerable operating system to the latest version,
• in the event of a cybersecurity incident detection, report the incident to the National Cyber Security Centre SK-CERT at [email protected].

Sources

• https://support.apple.com/en-gb/HT213601
• https://support.apple.com/en-gb/HT213600
• https://support.apple.com/en-gb/HT213597
• https://support.apple.com/en-gb/HT213604
• https://support.apple.com/en-gb/HT213603
• https://support.apple.com/en-gb/HT213599
• https://support.apple.com/en-gb/HT213598
• https://support.apple.com/en-gb/HT213606
• https://support.apple.com/en-gb/HT213605
• https://www.hkcert.org/security-bullen/apple-products-multiple-vulnerabilities_20230126

 

« Späť na zoznam