Apple fixes security flaws

Share post:

Apple has released security updates to patch three flaws that have been exploited by commercial spyware to infect iPhones and other devices.

The updates, which were released on September 22, 2023, should be installed as soon as possible to protect against these vulnerabilities.

The three flaws are CVE-2023-41991, a certificate validation issue that could allow a malicious app to bypass signature validation. CVE-2023-41992, a kernel-level privilege escalation hole that could be abused to gain full control of a device. And CVE-2023-41993, a web content processing flaw that could lead to arbitrary code execution.

macOS Monterey 12.7, macOS Ventura 13.6, watchOS 9.6.3, watchOS 10.0.1, iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, and Safari 16.6.1 are the Apple devices and software are affected by the flaws.

Google’s Threat Analysis Group (TAG) and The Citizen Lab have discovered evidence that these flaws were exploited by Predator spyware, which is sold by the company Intellexa. Intellexa was added to the U.S. entity list in July 2023 as a national security threat.

TAG has urged users to update their devices to the latest security patches and to use secure HTTPS rather than insecure HTTP where possible to help prevent redirects to malicious websites.

The sources for this piece include an article in TheRegister.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Canada’s privacy watchdog investigating hack at Global Affairs

Inquiry will look into adequacy of data safeguards at the federal

Sidebar: The powerful Digital Safety Commission

A look at the powers of the proposed five-person body charged with overseeing the Online

Proposed Canadian law puts burden on large internet providers to police child porn, hate

Designated social media providers, adult sites streaming services would have to remove some content withi

Avast hit with 16.5 million dollar fine for selling your browsing data

Avast, the antivirus giant, has been slapped with a $16.5 million fine by the Federal Trade Commission (FTC)....

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways