Aeroblade flew under the radar, slicing through detection checks on a quest to steal sensitive commercial data.

Source: Phil McDonald via Alamy Stock Photo

A US aerospace company was recently subjected to a nearly yearlong commercial cyberespionage campaign, carried out by a seemingly new threat actor researchers have named "AeroBlade."

Unlike the high-stakes aerospace espionage carried out by major nation-state and ransomware groups in recent years, this latest bout, documented last week by Blackberry, follows a characteristically old script: a phishing bait-and-switch, template injection, VBA macro code, and so on.

Though old hat, the campaign — split into a testing (September 2022) and execution phase (July 2023) — managed to remain undetected for the better part of a year thanks to thorough anti-analysis protections.

The ultimate success of the campaign, and the nature of any data which might have been accessed, is not yet known.

**Aerospace Espionage, via Word**

The two attacks began, as so many before it have, with lure documents encased in phishing emails.

Once clicked, the attachments revealed Microsoft Word documents with scrambled text. The documents also contained a suspicious header: "SOMETHING WENT WRONG Enable Content to load the document."

Mimicking the macros notifications of old, the false flag lured victims into clicking and, unwittingly, retrieving and executing a malicious Microsoft Word template (DOTM) file. Injected in the template was a legible decoy document, as well as the instructions for a second-stage infection.

The final payload at the end of this chain was a dynamic link library (DLL) file acting as a reverse shell. The payload collected and exfiltrated system information and directories, and established persistence by creating a task in Windows Task Scheduler, to trigger every morning at 10:10 AM local time.

**Developing Stealth Techniques**

After its initial "test" attack, AeroBlade returned for real with a series of more advanced stealth techniques built into its payload.

The group's staying power may be at least partly attributed to how careful it was in, for example, diligently checking for characteristic signs of a sandbox environment or antivirus software, and also the many ways in which it obfuscated its malicious code.

For example, the executable used custom encoding for each string, and API hashing with MurmurHash to conceal how it used Windows functions. It also came fitted with a number of anti-disassembly techniques including control flow obfuscation, splicing data into code, and using dead-code executed instructions — code which gets executed, but whose result has no bearing on the rest of the program — to throw off analysts.

Given all of the facts of the case, the researchers concluded "with a high degree of confidence that this was a commercial cyberespionage campaign. Its purpose was most likely to gain visibility over the internal resources of its target in order to weigh its susceptibility to a future ransom demand."

**About the Author(s)**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

'AeroBlade' Group Hacks US Aerospace Company

This week on the Lock and Code podcast, we speak with Allan Liska about why a ransomware group tattled on its own victim, and what to expect next year.

_This week on the Lock and Code podcast…_

Like the grade-school dweeb who reminds their teacher to assign tonight’s homework, or the power-tripping homeowner who threatens every neighbor with an HOA citation, the ransomware group ALPHV can now add itself to a shameful roster of pathetic, little tattle-tales.

In November, the ransomware gang ALPHV, which also goes by the name Black Cat, notified the US Securities and Exchange Commission about the Costa Mesa-based software company MeridianLink, alleging that the company had failed to notify the government about a data breach. Under newly announced rules by the US Securities and Exchange Commission (SEC), public companies will be expected to notify the government agency about “material cybersecurity incidents” within four days of determining whether such an incident could have impacted the company’s stock prices or any investment decisions from the public.

According to ALPHV, MeridianLink had violated that rule. But how did ALPHV know about this alleged breach?

Simple. They claimed to have done it.

“It has come to our attention that MeridianLink, in light of a significant breach compromising customer data and operational information, has failed to file the requisite disclosure under Item 1.05 of Form 8-K within the stipulated four business days, as mandated by the new SEC rules,” wrote ALPHV in a complaint that the group claimed to have filed with the US government.

The victim, MeridianLink, refuted the claims. According to a MeridianLink spokesperson, while the company confirmed a cybersecurity incident, it denied the severity of the incident.

“Based on our investigation to date, we have identified no evidence of unauthorized access to our production platforms, and the incident has caused minimal business interruption,” a MeridianLink spokesperson said at the time. “If we determine that any consumer personal information was involved in this incident, we will provide notifications as required by law.”

This week on the Lock and Code podcast with host David Ruiz, we speak to Recorded Future intelligence analyst Allan Liska about what ALPHV could hope to accomplish with its SEC complaint, whether similar threats have been made in the past under other regulatory regime, and what organizations everywhere should know about ransomware attacks going into the new year. One big takeaway, Liska said, is that attacks are getting bigger, bolder, and brasher.

“There are no protections anymore,” Liska said. “For a while, some ransomware actors were like, ‘No, we won’t go after hospitals, or we won’t do this, or we won’t do that.’ Those protections all seem to have flown out the window, and they’ll go after anything and anyone that will make them money. It doesn’t matter how small they are or how big they are.”

Liska continued:

> “We’ve seen ransomware actors go after food banks. You’re not going to get a ransom from a food bank. Don’t do that.”

Tune in today to listen to the full conversation.

You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.

_Show notes and credits:_

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)  
Licensed under Creative Commons: By Attribution 4.0 License  
http://creativecommons.org/licenses/by/4.0/  
Outro Music: “Good God” by Wowa (unminus.com)

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Why a ransomware gang tattled on its victim, with Allan Liska: Lock and Code S04E24 

Apple has released an emergency security update for two zero-day vulnerabilities which may have already been exploited.

Apple has released emergency security updates for iOS 17.1.2 and iPadOS 17.1.2 to patch for two zero-day vulnerabilities that may have been actively exploited.

Apple said both vulnerabilities were in the WebKit component, which is the engine that powers Safari browser on Macs as well as all browsers on iPhones and iPads. It is also the web browser engine used by Mail, App Store, and many other apps on macOS, iOS, and Linux.

The updates are available for the following:

*   iPhone XS and later
*   iPad Pro 12.9-inch 2nd generation and later
*   iPad Pro 10.5-inch
*   iPad Pro 11-inch 1st generation and later
*   iPad Air 3rd generation and later
*   iPad 6th generation and later
*   iPad mini 5th generation and later.
*   macOS Sonoma 14.1.2
*   Safari 17.1.2.

The updates may already have reached you if you automatically update, but it doesn’t hurt to check if your device is at the latest update level.

If a Safari update is available for your device, you can get it by updating your iPhone or iPad or updating your Mac.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Update your iPhones! Apple fixes two zero-days in iOS 

New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already connected peers.
The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2 through 5.4. They are tracked under the identifier CVE-2023-24023 (CVSS score: 6.8)

New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already connected peers.

The issues, collectively named **BLUFFS**, impact Bluetooth Core Specification 4.2 through 5.4. They are tracked under the identifier CVE-2023-24023 (CVSS score: 6.8) and were responsibly disclosed in October 2022.

The attacks "enable device impersonation and machine-in-the-middle across sessions by only compromising one session key," EURECOM researcher Daniele Antonioli said in a study published late last month.

This is made possible by leveraging two new flaws in the Bluetooth standard's session key derivation mechanism that allow the derivation of the same key across sessions.

UPCOMING WEBINAR

Learn Insider Threat Detection with Application Response Strategies

Discover how application detection, response, and automated behavior modeling can revolutionize your defense against insider threats.

Join Now

While forward secrecy in key-agreement cryptographic protocols ensures that past communications are not revealed, even if the private keys to a particular exchange are revealed by a passive attacker, future secrecy (aka backward secrecy) guarantees the confidentiality of future messages should the past keys get corrupted.

In other words, forward secrecy protects past sessions against future compromises of keys.

The attack works by weaponizing four architectural vulnerabilities, including the aforementioned two flaws, in the specification of the Bluetooth session establishment process to derive a weak session key, and subsequently brute-force it to spoof arbitrary victims.

The AitM attacker impersonating the paired device could then negotiate a connection with the other end to establish a subsequent encryption procedure using legacy encryption.

In doing so, "an attacker in proximity may ensure that the same encryption key is used for every session while in proximity and force the lowest supported encryption key length," the Bluetooth Special Interest Group (SIG) said.

"Any conforming BR/EDR implementation is expected to be vulnerable to this attack on session key establishment, however, the impact may be limited by refusing access to host resources from a downgraded session, or by ensuring sufficient key entropy to make session key reuse of limited utility to an attacker."

Furthermore, an attacker can take advantage of the shortcomings to brute-force the encryption key in real-time, thereby enabling live injection attacks on traffic between vulnerable peers.

The success of the attack, however, presupposes that an attacking device is within the wireless range of two vulnerable Bluetooth devices initiating a pairing procedure and that the adversary can capture Bluetooth packets in plaintext and ciphertext, known as the victim's Bluetooth address, and craft Bluetooth packets.

As mitigations, SIG recommends that Bluetooth implementations reject service-level connections on an encrypted baseband link with key strengths below 7 octets, have devices operate in "Secure Connections Only Mode" to ensure sufficient key strength, and pair is done via "Secure Connections" mode as opposed the legacy mode.

The disclosure comes as ThreatLocker detailed a Bluetooth impersonation attack that can abuse the pairing mechanism to gain wireless access to Apple macOS systems via the Bluetooth connection and launch a reverse shell.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks

By Waqas
In addition to his prison sentence, Amir Hossein Golshan, the culprit, has been ordered to pay $1,218,526 in restitution to his victims.
This is a post from HackRead.com Read the original post: US Man Jailed 8 Years for SIM Swapping and Apple Support Impersonation

Golshan’s schemes involved SIM swapping, social media account takeovers, Zelle payment fraud, and impersonating Apple Support personnel.

A 25-year-old man from downtown Los Angeles has been sentenced to 8 years in federal prison for orchestrating a series of online scams that defrauded hundreds of victims of over $740,000.

Amir Hossein Golshan (PDF) was convicted of one count of unauthorized access to a protected computer to obtain information, one count of wire fraud, and one count of accessing a computer to defraud and obtain value.

Golshan’s schemes involved SIM swapping, social media account takeovers, Zelle payment fraud, and impersonating Apple Support personnel. He used these methods to steal money, NFTs, cryptocurrency, and other valuable digital property from his victims.

> It looks like the SIM swapper who impersonated Apple Support to steal $386K worth of crypto and NFTs (BAYC 9012) from @Mr312 last year was just sentenced to 8 years in prison + ordered to pay $1.2M in restitution.
> 
> How do we know it’s his scammer?
> 
> In the DOJ press release they… pic.twitter.com/qBrWBpROVg
> 
> — ZachXBT (@zachxbt) November 30, 2023

In one instance, Golshan targeted a Los Angeles-based model and influencer with over 100,000 Instagram followers. He gained access to her Instagram account and impersonated her to her friends, requesting them to send him money through Zelle, PayPal, and other online payment platforms.

Several of the victim’s friends sent Golshan money, totalling thousands of dollars, believing they were sending money to the victim. In another instance, Golshan impersonated Apple Support personnel to gain unauthorized access to several victims’ Apple iCloud accounts. He then stole NFTs, cryptocurrency, and other valuable digital property from these accounts.

In another case, he stole an NFT valued at approximately $319,000 and approximately $70,000 worth of cryptocurrency from a victim. U.S. District Judge Otis D. Wright II, who sentenced Golshan, stated that his crimes went “beyond just money” and that they showed a “wanton cruelty” that caused the victims to live in a state of “constant fear and worry.”

According to the US Department of Justice’s press release on Monday, November 27, 2023, Golshan has been in federal custody since June 2023 for violating the terms of his pretrial release. In addition to his prison sentence, he is ordered to pay $1,218,526 in restitution to his victims.

1.  **Police Dismantle SIM Swapping Gang in Spain**
2.  **Indian police & Microsoft busts tech support scam centers**
3.  **10 SIM-swapping hackers nabbed for targeting US celebrities**
4.  **Authorities take down scam campaign impersonating the WHO**
5.  **Man hacks Indian tech support scam call center; leaks CCTV footage**

US Man Jailed 8 Years for SIM Swapping and Apple Support Impersonation

QR codes can be convenient—but they can also be exploited by malicious actors. Here’s how to protect yourself.

And you don’t need anything special to create a QR code. The tools are widely available and straightforward to use, and putting together a QR code of your own isn’t much more difficult than scanning one. If you wanted to create a QR code that points to a website that’s been put together for malicious purposes, it would only take a couple of minutes. The QR code could then be stuck on a wall, attached to an email, or printed on a document, ready to be scanned.

The aims of these websites are the same as they’ve always been: to get you to download something that will compromise the security of your accounts or your devices, or to get you to enter some login credentials that will then be relayed straight to the hackers (most probably using a spoof site set up to look like something genuine and trustworthy). The intended end results are the same as ever, but the method of getting there is different.

Avoiding QR Code Hacks

The security precautions you should already be using are the same ones that will keep you protected against QR code hacking. Just as you would with emails or instant messages, don’t trust QR codes if you’re not sure where they’ve come from—perhaps attached to suspicious-looking emails or on websites that you can’t verify. The QR code on the menu in your local restaurant, in contrast, is highly unlikely to have been generated by hackers.

Of course, there’s always the chance that the accounts of your friends, family, and colleagues have been compromised, so you can never be 100 percent sure that a message with a QR code in it is genuine. Scams will usually try to imply a sense of urgency and alarm: Scan this QR code to verify your identity or prevent the deletion of your account or take advantage of a time-limited offer.

You should get a preview of the link you’re visiting from a QR code.

Apple via David Nield

As always, your digital accounts should be as heavily protected as possible, so that if you do fall victim to a QR code trick, safety nets are in place. Switch on two-factor authentication for every account that offers it, make sure your personal details are up to date (such as backup email addresses and phone numbers that can be used to recover your accounts), and log out of devices you’re no longer using (you should also delete old accounts you no longer have any need for).

Finally, keep your software up to date—something that’s happily now very easy to do. The latest versions of popular mobile web browsers come with built-in tech for spotting fraudulent links: These integrated protections aren’t infallible, but the more up-to-date your browser and mobile OS are, the better your chances of getting a warning on screen if you’re about to visit an unsafe location on the web.

How to Not Get Hacked by a QR Code

Interpol has upgraded its biometric background check tech. It'll help catch criminals, but will it protect sensitive, immutable data belonging to the innocent?

Source: Huang Zheng via Shutterstock

In November, Interpol arrested a fugitive smuggler using a new biometric security system it plans to deploy across its 196 member countries.

The colorlessly named "Biometric Hub" collates Interpol's existing fingerprint and facial-recognition data into one place, allowing border control and frontline officers to query criminal biometric records in real time.

The system is backed with certain privacy guarantees, but questions remain about the extent of its reach, and of any organization's ability to keep a tight hold over such privileged data.

"This is going to be a super high-value target for somebody to get access to," John Gallagher, vice president at Viakoo, worries. "Any time you put together such valuable information, it's obviously going to get hacked and leaked."

**The First Criminal Caught by Biometric Hub**

Just a couple of weeks ago, a group of migrants was crossing the Balkans on their way to Western Europe. In their midst was a fugitive migrant smuggler.

The group encountered a police check in Sarajevo, Bosnia and Herzegovina.

"Wanted on organized crime and human trafficking charges since 2021, the smuggler presented himself as a fellow migrant under a false name, using a fraudulent identification document to avoid detection," Interpol recounted in a press release.

Unfortunately for the fugitive, this police check was among the first to utilize the new Biometric Hub out in the field. "When the smuggler’s photo was run through the Biometric Hub, it immediately flagged that he was wanted in another European country. He was arrested and is currently awaiting extradition."

There's little doubt that the Biometric Hub will streamline Interpol's criminal background checks. But does it provide sufficient security and privacy checks for the citizens who aren't trying to perform crimes across borders?

**Concerns Over Biometric Policing**

To assuage fears of a sci-fi dystopia, Interpol explained on Wednesday that its new biometrics system will abide by its "robust" data protection framework.

Of note, the agency added that "biometric data run through the Hub in a search is not added to INTERPOL's criminal databases, is not visible to other users and any data that does not result in a match is deleted following the search."

Dark Reading has reached out for comment to Interpol, and the vendor supporting Biometric Hub — Idemia — but hasn't yet received a response as of this publication.

Besides privacy, Gallagher points out, a system containing the most sensitive identifying information belonging to the most dangerous criminals out there is an inevitable target for cyberattackers. And a breach of such a system wouldn't be unprecedented.

In 2019, for example, a 23-gigabyte leak at a company contracted by UK police and other government agencies led to the exposure of somewhere around one million fingerprint and facial recognition records. Elsewhere, background checks have been accessed from the US Department of Homeland Security, images have been stolen from Customs and Border Patrol, and more.

"I'm not saying that authorities are doing the wrong thing here — I think they are doing the right thing," Gallagher says. Then he predicts all the many ways the system could fail.

"How frequently do things like the cameras themselves malfunction? And what happens if somebody gets to the camera network? Internet of Things (IoT) devices are the easiest in the universe to hack into," he says.

"My argument is that, in a few years, biometrics won't be trusted," he warns. "Because I pass a camera 100 times a day in my enterprise, and that enterprise might not be securing that camera data very well."

**About the Author(s)**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Interpol Arrests Smuggler With New Biometric Screening Database

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software.
The vulnerabilities, both of which reside in the WebKit web browser engine, are described below -

CVE-2023-42916 - An out-of-bounds read issue that could be exploited to

Spyware / Threat Analysis

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software.

The vulnerabilities, both of which reside in the WebKit web browser engine, are described below -

*   **CVE-2023-42916** - An out-of-bounds read issue that could be exploited to leak sensitive information when processing web content.
*   **CVE-2023-42917** - A memory corruption bug that could result in arbitrary code execution when processing web content.

Apple said it's aware of reports exploiting the shortcomings "against versions of iOS before iOS 16.7.1," which was released on October 10, 2023. Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the twin flaws.

The iPhone maker did not provide additional information regarding ongoing exploitation, but previously disclosed zero-days in iOS have been used to deliver mercenary spyware targeting high-risk individuals, such as activists, dissidents, journalists, and politicians.

It's worth pointing out here that every third-party web browser that's available for iOS and iPadOS, including Google Chrome, Mozilla Firefox, and Microsoft Edge, and others, are powered by the WebKit rendering engine due to restrictions imposed by Apple, making it a lucrative and broad attack surface.

The updates are available for the following devices and operating systems -

*   **iOS 17.1.2 and iPadOS 17.1.2** - iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
*   **macOS Sonoma 14.1.2** - Macs running macOS Sonoma
*   **Safari 17.1.2** - Macs running macOS Monterey and macOS Ventura

With the latest security fixes, Apple has remediated as many as 19 actively exploited zero-days since the start of 2023. It also comes days after Google shipped fixes for a high-severity flaw in Chrome (CVE-2023-6345) that has also come under real-world attacks, making it the seventh zero-day to be patched by the company this year.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

By Waqas
Immediate Action Required: Update Your Apple Devices, Including iPads, MacBooks, and iPhones, NOW!
This is a post from HackRead.com Read the original post: Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

Apple has recently released security updates to tackle two zero-day vulnerabilities (CVE-2023-42916 and CVE-2023-42917) that hackers are actively exploiting.

Apple Inc. today released crucial security updates aimed at mitigating two critical zero-day vulnerabilities identified as CVE-2023-42916 and CVE-2023-42917. These vulnerabilities have been actively exploited by hackers, posing a significant risk to a wide range of Apple devices.

The vulnerabilities allow attackers to execute arbitrary code and access sensitive data on compromised devices. These security flaws are particularly concerning because they can be exploited through malicious web pages, exploiting a memory corruption bug to gain unauthorized access.

****Affected Devices****

Apple’s advisory lists a comprehensive range of devices vulnerable to these exploits:

*   iPhone XS and later models
*   iPad Pro 10.5-inch
*   iPad (6th generation and later)
*   iPad Air (3rd generation and later)
*   iPad mini (5th generation and later)
*   iPad Pro 11-inch (1st generation and later)
*   iPad Pro 12.9-inch (2nd generation and later)
*   Mac computers running macOS Monterey, Ventura, and Sonoma

****Immediate Action Recommended****

Apple urges all users of these devices to update their software immediately. The updates are designed to patch the vulnerabilities and protect devices from potential exploits. Users can update their devices by going to the ‘Settings’ menu, selecting ‘General’, and then tapping on ‘Software Update’.

The urgent release of these security patches highlights the growing challenges in cybersecurity. Security experts advise users to always keep their software updated to the latest version and to be cautious of suspicious web pages and downloads.

In a comment to Hackread.com, Michael Covington, VP of Portfolio Strategy at Apple device security and management company Jamf, urged users to immediately update their devices.

“These latest OS updates, which address bugs in Apple’s WebKit, show that attackers continue to focus on exploiting the framework that downloads and presents web-based content,” Michael said. The latest bugs could lead to both data leakage and arbitrary code execution and appear to be tied to targeted attacks that are common against high-risk users,” he wanted.

****How to Update Your Apple Devices?****

Apple provides detailed instructions to ensure that users update their devices effectively. For iPhone and iPad users, navigate to Settings > General and click on Software Update.

For macOS users, click on the Apple menu (), go to System Settings, select General, and then click on Software Update. Automatic updates should be enabled to receive the Rapid Security Response patches seamlessly. Restarting the device may be necessary to complete the update process.

****_RELATED ARTICLES_****

1.  **Apple Safari Safest, Google Chrome Riskiest Browser of 2022**
2.  **Update NOW! Pegasus Spyware Exploiting iPhones on Latest iOS**
3.  **Apple issues iPhone software update after fake police ransomware scam**

Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

This document describes the security content of Safari 17.1.2.

**About Apple security updates**

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

**Safari 17.1.2**

Released November 30, 2023

**WebKit**

Available for: macOS Monterey and macOS Ventura

Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Description: An out-of-bounds read was addressed with improved input validation.

WebKit Bugzilla: 265041  
CVE-2023-42916: Clément Lecigne of Google's Threat Analysis Group

**WebKit**

Available for: macOS Monterey and macOS Ventura

Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Description: A memory corruption vulnerability was addressed with improved locking.

WebKit Bugzilla: 265067  
CVE-2023-42917: Clément Lecigne of Google's Threat Analysis Group

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: November 30, 2023

Tag

#apple