Security
Headlines
HeadlinesLatestCVEs

Headline

Apple's iOS 16.5 Fixes 3 Security Bugs Already Used in Attacks

Plus: Microsoft patches two zero-day flaws, Google’s Android and Chrome get some much-needed updates, and more.

Wired
#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#cisco#git#zero_day#chrome#webkit#sap

Apple, Google, and Microsoft have released major patches this month to fix multiple security flaws already being used in attacks. May was also a critical month for enterprise software, with GitLab, SAP, and Cisco releasing fixes for multiple bugs in their products.

Here’s everything you need to know about the security updates released in May.

Apple iOS and iPadOS 16.5

Apple has released its long-awaited point update iOS 16.5, addressing 39 issues, three of which are already being exploited in real-life attacks. The iOS upgrade patches vulnerabilities in the Kernel at the heart of the operating system and in WebKit, the engine that powers the Safari browser. The three already exploited flaws are among five fixed in WebKit—tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373.

CVE-2023-32409 is an issue that could allow an attacker to break out of the Web Content sandbox remotely, reported by Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab. CVE-2023-28204 is a flaw that risks a user disclosing sensitive information. Finally, CVE-2023-32373 is a use-after-free bug that could enable arbitrary code execution.

Earlier in the month, Apple released iOS 16.4.1 (a) and iPadOS 16.4.1 (a)—the iPhone maker’s first-ever Rapid Security Response update—fixing the latter two exploited WebKit vulnerabilities also patched in iOS 16.5.

Apple iOS and iPadOS 16.5 were issued alongside iOS 15.7.6 and iPadOS 15.7.6 for older iPhones, as well as iTunes 12.12.9 for Windows, Safari 16.5, macOS Big Sur 11.7.7, macOS Ventura 13.4, and macOS Monterey 12.6.6.

Apple also released its first security update for Beats and AirPods headphones.

Microsoft

Microsoft’s mid-month Patch Tuesday fixed 40 security issues, two of which were zero-day flaws already being used in attacks. The first zero-day vulnerability, CVE-2023-29336, is an elevation-of-privilege bug in the Win32k driver that could allow an attacker to gain System privileges.

The second serious flaw, CVE-2023-24932, is a Secure Boot security feature bypass issue that could allow a privileged attacker to execute code. “An attacker who successfully exploited this vulnerability could bypass Secure Boot,” Microsoft said, adding that the flaw is difficult to exploit: “Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.”

The security update is not a full fix: It addresses the vulnerability by updating the Windows Boot Manager, which could cause issues, the company warned. Additional steps are required at this time to mitigate the vulnerability, Microsoft said, pointing to steps affected users can take to mitigate the issue.

Google Android

Google has released its latest Android security patches, fixing 40 flaws, including an already exploited Kernel vulnerability. The updates also include fixes for issues in the Android Framework, System, Kernel, MediaTek, Unisoc, and Qualcomm components.

The most severe of these issues is a high-severity security vulnerability in the Framework component that could lead to local escalation of privilege, Google said, adding that user interaction is needed for exploitation.

Previously linked to commercial spyware vendors, CVE-2023-0266 is a Kernel issue that could lead to local escalation of privilege. User interaction is not needed for exploitation.

Related news

Microsoft Patch Tuesday Tsunami: No Zero-Days, but an Asterisk

Microsoft patched a record number of 147 new CVEs this month, though only three are rated "Critical."

Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by

Google Patches Another Chrome Zero-Day as Browser Attacks Mount

The vulnerability is among a rapidly growing number of zero-day bugs that major browser vendors have reported recently.

Update now! Apple fixes several serious vulnerabilities

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: WebKit Tags: CVE-2023-38606 Tags: CVE-2023-32409 Tags: CVE-2023-37450 Tags: CVE-2023-32416 Apple has released security updates for several products to address several serious vulnerabilities including some actively exploited zero-days. (Read more...) The post Update now! Apple fixes several serious vulnerabilities appeared first on Malwarebytes Labs.

NSA: BlackLotus BootKit Patching Won't Prevent Compromise

It's unclear why the NSA issued in-depth mitigation guidance for the software boot threat now, but orgs should take steps to harden their environments.

CVE-2023-32417: About the security content of watchOS 9.5

This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features

CVE-2023-32363: About the security content of macOS Ventura 13.4

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences

CVE-2023-32385: About the security content of iOS 16.5 and iPadOS 16.5

A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination

CVE-2023-27930: About the security content of tvOS 16.5

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to execute arbitrary code with kernel privileges

CVE-2023-32373: About the security content of Safari 16.5

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

NSA Releases Guide to Combat Powerful BlackLotus Bootkit Targeting Windows Systems

The U.S. National Security Agency (NSA) on Thursday released guidance to help organizations detect and prevent infections of a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus. To that end, the agency is recommending that "infrastructure owners take action by hardening user executable policies and monitoring the integrity of the boot partition." BlackLotus is an advanced

Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari

Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the campaign is not known.

Debian Security Advisory 5427-1

Debian Linux Security Advisory 5427-1 - An anonymous researcher discovered that processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Experts Unveil PoC Exploit for Recent Windows Vulnerability Under Active Exploitation

Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems. The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component. "An attacker who successfully exploited this vulnerability could gain

Red Hat Security Advisory 2023-3433-01

Red Hat Security Advisory 2023-3433-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include out of bounds read and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3432-01

Red Hat Security Advisory 2023-3432-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include out of bounds read and use-after-free vulnerabilities.

Microsoft Patch Tuesday May 2023: Microsoft Edge, BlackLotus Secure Boot SFB, OLE RCE, Win32k EoP, NFS RCE, PGM RCE, LDAP RCE, SharePoint RCE

Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2023, including vulnerabilities that were added between April and May Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. It’s been a […]

Microsoft Patch Tuesday May 2023: Microsoft Edge, BlackLotus Secure Boot SFB, OLE RCE, Win32k EoP, NFS RCE, PGM RCE, LDAP RCE, SharePoint RCE

Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2023, including vulnerabilities that were added between April and May Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. It’s been a […]

It’s apparently hip to still be using Windows 7

Steam, the most popular video game storefront on PCs, only recently announced that it was ending support for Windows 7 and 8, and even then, it won’t be official until January.

It’s apparently hip to still be using Windows 7

Steam, the most popular video game storefront on PCs, only recently announced that it was ending support for Windows 7 and 8, and even then, it won’t be official until January.

It’s apparently hip to still be using Windows 7

Steam, the most popular video game storefront on PCs, only recently announced that it was ending support for Windows 7 and 8, and even then, it won’t be official until January.

Update now! Apple issues patches for three actively used zero-days

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: RSR Tags: CVE-2023-32409 Tags: CVE-2023-28204 Tags: CVE-2023-32373 Tags: out of bounds Tags: use after free Apple issued information about patches against three actively exploited zero-days in WebKit. One vulnerability is new, two were patched earlier this month. (Read more...) The post Update now! Apple issues patches for three actively used zero-days appeared first on Malwarebytes Labs.

Update now! Apple issues patches for three actively used zero-days

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: RSR Tags: CVE-2023-32409 Tags: CVE-2023-28204 Tags: CVE-2023-32373 Tags: out of bounds Tags: use after free Apple issued information about patches against three actively exploited zero-days in WebKit. One vulnerability is new, two were patched earlier this month. (Read more...) The post Update now! Apple issues patches for three actively used zero-days appeared first on Malwarebytes Labs.

Update now! Apple issues patches for three actively used zero-days

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: RSR Tags: CVE-2023-32409 Tags: CVE-2023-28204 Tags: CVE-2023-32373 Tags: out of bounds Tags: use after free Apple issued information about patches against three actively exploited zero-days in WebKit. One vulnerability is new, two were patched earlier this month. (Read more...) The post Update now! Apple issues patches for three actively used zero-days appeared first on Malwarebytes Labs.

Apple Patches 3 Zero-Days Possibly Already Exploited

In an advisory released by the company, Apple revealed patches for three previously unknown bugs it says may already have been used by attackers.

Apple Patches 3 Zero-Days Possibly Already Exploited

In an advisory released by the company, Apple revealed patches for three previously unknown bugs it says may already have been used by attackers.

Apple Patches 3 Zero-Days Possibly Already Exploited

In an advisory released by the company, Apple revealed patches for three previously unknown bugs it says may already have been used by attackers.

WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409 - A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox. It was addressed with

WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409 - A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox. It was addressed with

WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409 - A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox. It was addressed with

Threat Source newsletter (May 11, 2023) — So much for that ransomware decline

A ransomware attack on the city of Dallas, Texas is still disrupting many social services as of Wednesday, including hampering police communications and operations and potentially putting personal information at risk.

Threat Source newsletter (May 11, 2023) — So much for that ransomware decline

A ransomware attack on the city of Dallas, Texas is still disrupting many social services as of Wednesday, including hampering police communications and operations and potentially putting personal information at risk.

Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug

Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild. Trend Micro's Zero Day Initiative (ZDI) said the volume is the lowest since August 2021, although it pointed out that "this number is expected to rise in the coming months." Of the 38 vulnerabilities, six are rated Critical and

Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug

Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild. Trend Micro's Zero Day Initiative (ZDI) said the volume is the lowest since August 2021, although it pointed out that "this number is expected to rise in the coming months." Of the 38 vulnerabilities, six are rated Critical and

Update now! May 2023 Patch Tuesday tackles three zero-days

Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: CVE-2023-29336 Tags: CVE-2023-24932 Tags: bootkit Tags: CVE-2023-29325 Tags: Outlook Tags: preview Tags: CVE-2023-24941 Tags: Apple Tags: Cisco Tags: Google Tags: Android Tags: VMWare Tags: SAP Tags: Mozilla Microsoft's Patch Tuesday round up for May 2023 includes patches for three zero-day vulnerabilities and one critical remote code execution vulnerability (Read more...) The post Update now! May 2023 Patch Tuesday tackles three zero-days appeared first on Malwarebytes Labs.

Update now! May 2023 Patch Tuesday tackles three zero-days

Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: CVE-2023-29336 Tags: CVE-2023-24932 Tags: bootkit Tags: CVE-2023-29325 Tags: Outlook Tags: preview Tags: CVE-2023-24941 Tags: Apple Tags: Cisco Tags: Google Tags: Android Tags: VMWare Tags: SAP Tags: Mozilla Microsoft's Patch Tuesday round up for May 2023 includes patches for three zero-day vulnerabilities and one critical remote code execution vulnerability (Read more...) The post Update now! May 2023 Patch Tuesday tackles three zero-days appeared first on Malwarebytes Labs.

Microsoft Patch Tuesday, May 2023 Edition

Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks.

Microsoft Patch Tuesday, May 2023 Edition

Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks.

CVE-2023-24932

Secure Boot Security Feature Bypass Vulnerability

Microsoft Patch Tuesday for May 2023 — Fewest vulnerabilities disclosed in a month in three-plus years

One of the vulnerabilities is being actively exploited in the wild, according to Microsoft, the fourth month in a row in which this is the case.

CVE-2023-24932: Secure Boot Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.

Guidance related to Secure Boot Manager changes associated with CVE-2023-24932

Summary Summary Today, Microsoft is releasing CVE-2023-24932, and associated configuration guidance, to address a Secure Boot bypass vulnerability used by the BlackLotus bootkit to exploit CVE-2022-21894. Customers will need to closely follow the configuration guidance to fully protect against this vulnerability. This vulnerability allows an attacker to execute self-signed code at the Unified Extensible Firmware Interface (UEFI) level while Secure Boot is enabled.

CVE-2023-29336: Win32k Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

RHSA-2023:1666: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2023-0266: A...

RHSA-2023:1660: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0266: A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak problem. * CVE...

RHSA-2023:1588: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0266: A use-after-free flaw was found in the ALSA subsystem in sound/core/control.c in the Linux kernel. This flaw allows a local attacker to cause a use-after-free issue.

RHSA-2023:1559: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw al...

RHSA-2023:1560: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2023-0266: A us...

Red Hat Security Advisory 2023-1471-01

Red Hat Security Advisory 2023-1471-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a double free vulnerability.

RHSA-2023:1435: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4378: A stack ove...

Red Hat Security Advisory 2023-1202-01

Red Hat Security Advisory 2023-1202-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, integer overflow, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-1203-01

Red Hat Security Advisory 2023-1203-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, integer overflow, and use-after-free vulnerabilities.

RHSA-2023:1203: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4269: A flaw was fou...