Headline
Apple Security Advisory 2023-09-07-3
Apple Security Advisory 2023-09-07-3 - watchOS 9.6.2 addresses a malicious attachment vulnerability that could be used to execute arbitrary code.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-09-07-3 watchOS 9.6.2watchOS 9.6.2 addresses the following issues.Information about the security content is also available athttps://support.apple.com/kb/HT213907.Apple maintains a Security Updates page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.WalletAvailable for: Apple Watch Series 4 and laterImpact: A maliciously crafted attachment may result in arbitrary codeexecution. Apple is aware of a report that this issue may have beenactively exploited.Description: A validation issue was addressed with improved logic.CVE-2023-41061: AppleAdditional recognitionWalletWe would like to acknowledge The Citizen Lab at The University ofTorontoʼs Munk School for their assistance.Instructions on how to update your Apple Watch software are availableat https://support.apple.com/kb/HT204641 To check the version onyour Apple Watch, open the Apple Watch app on your iPhone and select"My Watch > General > About". Alternatively, on your watch, select"My Watch > General > About".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmT6SZcACgkQX+5d1TXaIvpMbhAAvBOZyWF2XNTmRdi+t88bz1M/w8o+OSdOZxgu2AAI8iEiLTJ/HGSEMhNX6NICf1aRUVAidz1Bk3CelRLLnmwgtL+4O/pkU4Q5Diy+vYudbJEZ1VA6Q2W2MmAjJuOr2SD3ygd1TiC38t4DEDe2zQrsXlQ3VuuxnSeVLXWHZaL8gQO3+qr9SLn6gr7iN+MUKYzCjY2DELb+Cbh64gsjtnkHIgzPyq1+SpPMdzIn+PdaokQl/MUA2PiQ/edaiCXO0paN+O6a0rySVAxV0fZ5FUQjYCq5bpOtfuuVu57z/PpytMRY1wQCsQ/AkhP99bXyAFUt+QcjewUx+aI8Fi5NHniEVSuCRY09hEPXxzSHKHO+Pti4tKvKc7SCcxDIRMqTgcf1vah0UpJW0lHiawt5xLPigqq7lhdUBX3QWVKAMWDiJkluOujUh0qPIhdHH48LmOnyPIqseiis1MxyoHMkoM9PYtp5Y5T7t8RWmqo/+TlsXDI3LP8PXrLC1z6oJIXRQBXrOAsUYkuUrg1qOHSterAcpdPcKtgL8kx5Mdh6R1HlkPcS2M5pBnL7QkHhrIT9FBIpUeYwRKvjoqZypjrComClGgGYX7pflWGJUIrXWgqtAJLC2qBq3YiJqnFhhMkhscu7r30pWYe/d3h31In7W0/qkMdMMQE0KunNbWuRtd9ks+w==4Cnz-----END PGP SIGNATURE-----Related news
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by
The Operation Triangulation spyware attacks targeting Apple iOS devices leveraged never-before-seen exploits that made it possible to even bypass pivotal hardware-based security protections erected by the company. Russian cybersecurity firm Kaspersky, which discovered the campaign at the beginning of 2023 after becoming one of the targets, described it as
Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows - CVE-2023-41991 - A certificate validation issue in the Security framework that could allow a
Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash. Apple Security Engineering and Architecture (SEAR
Categories: Exploits and vulnerabilities Categories: News Tags: Blastpass Tags: citizenlab Tags: pegasus Tags: nso Tags: cisa Tags: apple Tags: cve-2023-41064 Tags: cve-2023-41061 Tags: buffer overflow CISA has added two recently discovered Apple vulnerabilities to its catalog of known exploited vulnerabilities. (Read more...) The post Two Apple issues added by CISA to its catalog of known exploited vulnerabilities appeared first on Malwarebytes Labs.
Apple Security Advisory 2023-09-07-2 - iOS 16.6.1 and iPadOS 16.6.1 addresses buffer overflow and code execution vulnerabilities.
Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064
A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.