On 21 September 2023, Apple released emergency security updates to fix three vulnerabilities impacting macOS, iOS, iPadOS, and Safari.

| Vulnerability | Description | Impacted Product |
|---|---|---|
| CVE-2023-41991 | A certificate validation issue in the WebKit engine could allow a malicious app to bypass signature validation. | macOS, iOS, iPadOS, watchOS |
| CVE-2023-41992 | A flaw in the kernel could potentially allow a local attacker to elevate their privileges due to inadequate checks. | macOS, iOS, iPadOS, watchOS |
| CVE-2023-41993 | Inadequate checks in the Security Framework could allow a threat actor to achieve arbitrary code execution via maliciously crafted web content. | Safari, iOS, iPadOS |

and observed these three vulnerabilities exploited in an exploit chain against a former Egyptian Member of Parliament to deploy Predator spyware. Predator was developed by Intellexa/Cytrox to perform surveillance on targeted mobile devices. Earlier in 2023, the as these companies were involved in activities that threatened national security by targeting high-profile individuals worldwide.
Apple products can be appealing targets for threat actors due to their potential to store sensitive company information. This presents a risk to organisations with a Bring Your Own Device (BYOD) policy that allows employees to use their personal devices, as security updates may not be strongly enforced.
Recommendation for CVE-2023-41991, 41992, 41993
Upgrade Apple Products to Fixed Version
Arctic Wolf strongly recommends upgrading affected Apple products to their respective fixed version. These updates can be performed by going to the device’s system settings and selecting “Software Update”.
| Apple Product | Fixed Version |
|---|---|
| Safari (on macOS Big Sur and Monterey) | |
| iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later | |
| iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later | |
| Apple Watch Series 4 and later | |
| Apple Watch Series 4 and later | |
| macOS Ventura | |
| macOS Monterey | |

Note: Citizen Lab urges all at-risk users to enable Lockdown Mode, as Apple’s Security Engineering and Architecture team has confirmed that Lockdown Mode blocks this particular attack.
Please follow your organisation’s patching and testing guidelines to avoid operational impact.


