Apple addresses two zero-day vulnerabilities that hackers may have actively exploited.
On Thursday, Apple took action by releasing software updates to tackle two zero-day vulnerabilities that hackers may have actively exploited.
One of these vulnerabilities, identified as CVE-2023-41064, could expose certain devices such as iPhones, iPads, Macs, and Apple Watches to attacks when they process a “maliciously crafted image.” While Apple did not provide specific details about this issue, they confirmed that it affects the Image I/O framework and credited researchers from The Citizen Lab at The University of Toronto for assisting in its identification.
The second vulnerability, CVE-2023-41061, creates similar security risks when a device receives a “maliciously crafted attachment.” Apple independently discovered this flaw within its Wallet function.
In both cases, Apple acknowledged being “aware of a report indicating potential active exploitation” but did not provide further details about these vulnerabilities.
These software updates are applicable to macOS Ventura, iOS, iPadOS, and watchOS and were delivered as part of the routine updates for these products. They were not classified as Rapid Security Responses, which Apple uses for urgent bug fixes issued between full OS updates.
With the disclosure and subsequent patching of these two vulnerabilities, Apple has now addressed a total of 13 zero-day vulnerabilities in 2023. Among them, some have garnered significant attention, including two bugs fixed in June that were exploited in a spyware campaign attributed to accusations by the Russian government against the U.S. Additionally, a separate Rapid Security Response in July necessitated Apple to release a revised patch after the initial version caused issues with some websites displaying properly.
Related story:
