Apple fixes a kernel and WebKit 0-day bug on iOS, macOS, and watchOS

In recent days, Apple has released new minor updates for iOS 16, iPadOS 16 and macOS 13 Ventura that fix some security bugs rated “serious” which, according to the release notes from the Cupertino company, “may have been actively exploited”. If you haven’t already done so, Apple recommends that you install iOS and iPadOS 16.5.1, macOS 13.4.1 and watchOS 9.5.2 as soon as possible.

FIXED TWO MAJOR VULNERABILITIES

One of the two vulnerabilities mentioned, identified as CVE-2023-32434, concerns a kernel-level bug that could allow malicious apps to “execute arbitrary code with kernel privileges”.

The other vulnerability, identified as CVE-2023-32439, is related to a bug in WebKit, the engine of the Safari browser, which could allow arbitrary code to be executed after processing “maliciously created web content”. In addition, a bug that could have prevented charging with the Lightning to USB 3 Camera Adapter has also been fixed.

  • CVE-2023-32434: integer overflow in kernel. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against iOS versions released prior to iOS 15.7.
  • CVE-2023-32439: type confusion in WebKit. Processing maliciously created web content can lead to the execution of arbitrary code. Apple is aware of a report that hackers may have been actively exploiting this issue.

Given the danger of these two vulnerabilities, which is usually quite rare, Apple has also released updates with the same fixes for iOS and iPadOS 15 and for macOS 11 and 12 (via macOS and Safari updates). In addition, an update has been released that fixes the kernel bug on watchOS 8, the latest version of the operating system that supported the Apple Watch Series 3.

iOS and iPadOS 15.7.7, in addition to these two bugs, also fix a third one, also related to WebKit and identified as CVE-2023-32435, which may allow remote code execution when processing web content.

AN RSR IS NOT ENOUGH FOR BUGS IN THE KERNEL

As is known, in both iOS 16 and macOS 13 Apple introduced the new Rapid Security Response feature, which allows some security bugs to be fixed quickly. The first public RSRs, after those previously released during beta testing, were released last May.

In this case, given the nature of the vulnerabilities, it appears that it was not possible to release just an RSR to address them. In fact, for kernel-level security bugs, a more layered update of the operating system would always be required.

Apple is continuing to test iOS and iPadOS 16.6, watchOS 9.6 and macOS 13.5, now in their third beta, alongside the new versions of the operating systems (iOS and iPadOS 17, macOS 14 Sonoma, watchOS 10 and tvOS 17), which will be released next fall and are currently in their second developer beta. It is probable that the first public betas will also arrive starting next month.

Abraham