Apple has released security updates to fix two vulnerabilities being exploited by hackers in different versions of macOS, iOS, watchOS, and iPadOS. If exploited, the vulnerabilities could lead to arbitrary malicious code execution.
These two vulnerabilities are part of an exploit chain called BLASTPASS, which is capable of compromising iPhones running the latest iOS version (16.6) without any victim interaction. This is a zero-click exploit used to deliver NSO Group's Pegasus mercenary spyware.
One of the flaws (CVE-2023-41064) is a buffer overflow in Apple’s Image I/O framework, which allows applications to read and write most image file formats. For this vulnerability, “processing a malicious image can lead to arbitrary malicious code execution.”
The second flaw (CVE-2023-41061) is related to Apple’s Wallet feature, which allows users to store bank cards. According to Apple, a malicious attachment could lead to arbitrary code execution. This flaw is also fixed in iOS version 16.6.1.
Both bugs affect iPhone 8 or later, all iPad Pro models, iPad Air 3rd generation or later, iPad 5th generation or later, and iPad mini 5th generation or later. CVE-2023-41061 also affects Apple Watch Series 4 and later, while CVE-2023-41064 also affects macOS Ventura. Apple has rolled out iOS 16.6.1, iPadOS 16.6.1, watchOS 9.6.2, and macOS Ventura 13.5.2 to address these security flaws.
To patch these vulnerabilities on your Apple device, go to Settings -> General -> Software Update and update to the latest firmware version for your device.
Over the past few months, Apple has been rolling out fixes for various exploited bugs, including an update in July addressing a WebKit vulnerability (CVE-2023-37450) affecting iOS, macOS, and iPadOS, and an update in June addressing an integer overflow vulnerability (CVE-2023-32434) affecting watchOS, macOS, and iPadOS.