Headline
Apple Security Advisory 10-25-2023-3
Apple Security Advisory 10-25-2023-3 - iOS 15.8 and iPadOS 15.8 addresses code execution and integer overflow vulnerabilities.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-10-25-2023-3 iOS 15.8 and iPadOS 15.8iOS 15.8 and iPadOS 15.8 addresses the following issues.Information about the security content is also available athttps://support.apple.com/kb/HT213990.Apple maintains a Security Updates page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.KernelAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE(1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch(7th generation)Impact: An app may be able to execute arbitrary code with kernelprivileges. Apple is aware of a report that this issue may have beenactively exploited against versions of iOS released before iOS 15.7.Description: An integer overflow was addressed with improved inputvalidation.CVE-2023-32434: Félix Poulin-Bélanger, Georgy Kucherin (@kucher1n),Leonid Bezvershenko (@bzvr_), Boris Larin (@oct0xor), and ValentinPashkov of KasperskyThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/ iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device. The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device. Tocheck that the iPhone, iPod touch, or iPad has been updated: *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 15.8 and iPadOS 15.8".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmU5YzUACgkQX+5d1TXaIvpmvxAApiw8TypIquob7TaOaS3F0K/Ny/GCw8JRXM6NQMEKftYhxcDbVXZo1OyE2Wvk9uVJv1Jkm7YLY4kfKrsbPxOKhS/3zSBpc+IGpyELEG8KIMUnh0FlYoHwFAJzxKcg0PyH0RBfwa63+H05TG/aGBx/eeCsfjcAsyDNj9rxFUGmoI4JhscZ7RbXYrMkbt3EaC43GQ0T8ah3kDtT+KirvU41m5m9yuzizfKNJQZRdd5oD7ad5zkS/VHK+mZjpCy2NvXI+Z6md6KEDiUBY4GRlr+xGwCapKv7iZ8jMHkwHy18TszaP1yR7+TLmh4QFySj0xuwvSq+4fkXql+1ap/x3u6WcoEoetMswyfg1UXGh2WreqLnMPcIRe5MVPQEjBvzk0a5OZUH2G3EF1WwFhrdDeS54H3Q0KGunm4/1WECcKbbI09Le348UhcZpdAm+2mEjs+F73U0J71TasNEsPZhXmijxQIOd2V/gvrCpW/6587wX3kmVs63iJ86FWhgFglSmWPfuNCrarWASAbx1DeT+rbYvL+VzB17vTpZWO+4AHhtj3tpwEWzoWezAXAXe4Zq1T8CF6qZ26D8Aez5EoFyBC9bh+hZX1pvZsllTzHcs656WVpopXw+J/klqM0JvgnlbBBWN9qUZIYcNd9Pycr+IiTBBny6pTub6yQExvj4R2RKvg8==m+Ng-----END PGP SIGNATURE-----Related news
By Deeba Ahmed Triangulation of Terror: Inside the Most Sophisticated iPhone Spyware Campaign Ever Seen. This is a post from HackRead.com Read the original post: iPhone Spyware Exploits Obscure Chip Feature, Targets Researchers
The Operation Triangulation spyware attacks targeting Apple iOS devices leveraged never-before-seen exploits that made it possible to even bypass pivotal hardware-based security protections erected by the company. Russian cybersecurity firm Kaspersky, which discovered the campaign at the beginning of 2023 after becoming one of the targets, described it as
Categories: Exploits and vulnerabilities Categories: News Tags: iLeakage Tags: side-channel Tags: Safari Tags: CVE-2023-40413 Tags: CVE-2023-40416 Tags: CVE-2023-40423 Tags: CVE-2023-42487 Tags: CVE-2023-42841 Tags: CVE-2023-41982 Tags: CVE-2023-41997 Tags: CVE-2023-41988 Tags: CVE-2023-40447 Tags: CVE-2023-42852 Tags: CVE-2023-32434 Tags: CVE-2023-41989 Tags: CVE-2023-38403 Tags: CVE-2023-42856 Tags: CVE-2023-40404 Tags: CVE-2023-41977 Tags: Vim Apple has released security updates for its phones, iPads, Macs, watches and TVs. (Read more...) The post Update now! Apple patches a raft of vulnerabilities appeared first on Malwarebytes Labs.
The TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various apps, and estimate the victim's location. The findings come from Kaspersky, which detailed the great lengths the adversary behind the campaign, dubbed Operation Triangulation, went to conceal and cover up
Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one actively exploited zero-day bug in the wild. Tracked as CVE-2023-38606, the shortcoming resides in the kernel and permits a malicious app to modify sensitive kernel state potentially. The company said it was addressed with improved state management. "
Plus: Microsoft fixes 78 vulnerabilities, VMWare plugs a flaw already used in attacks, and more critical updates from June.
Apple's emergency patch, AI-generated art and more security headlines from the past week.
The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439), two flaws in VMware (CVE-2023-20867 and CVE-2023-20887), and one shortcoming impacting Zyxel
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Big Sur 11.7.8, macOS Monterey 12.6.7, macOS Ventura 13.4.1, watchOS 9.5.2. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.
Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the campaign is not known.
Categories: Apple Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: kernel webkit Tags: CVE-2023-32434 Tags: CVE-2023-32435 Tags: CVE-2023-32439 Tags: type confusion Tags: integer overflow Tags: operation triangulation Apple has released security updates for several products to address a set of flaws it said were being actively exploited. (Read more...) The post Update now! Apple fixes three actively exploited vulnerabilities appeared first on Malwarebytes Labs.