September 22, 2023

Apple releases emergency updates to address actively exploited zero-day vulnerabilities

On September 21, Apple released emergency updates to address three actively exploited zero-day vulnerabilities discovered in the WebKit browser engine (CVE-2023-41993), Security framework (CVE-2023-41991) and Kernel Framework (CVE-2023-41992) used by iPhones, Apple Watches, and MacBooks.

Successful exploitation of CVE-2023-41991 could enable threat actors to bypass signature validation using malicious apps, while CVE-2023-41993 could allow arbitrary code execution via maliciously crafted web pages. CVE-2023-41992 could allow a threat actor with local access to escalate privileges.

The vulnerabilities were discovered and responsibly disclosed to Apple by security researchers known for discovering zero-day bugs abused in tailored spyware attacks targeting high-risk individuals, including journalists, opposition politicians, and dissidents.

Two weeks ago, the same researchers discovered that two different vulnerabilities were being actively abused as part of a zero-click iMessage exploit chain named BLASTPASS, which was used to deploy NSO Group's Pegasus spyware on fully patched iPhones.

Source: Bleeping Computer

Analysis

The ability to exploit these vulnerabilities likely rests with one or a few threat actors who deploy them against limited, specific targets. Despite these limitations, the vulnerabilities were threatening enough to warrant Apple releasing an emergency patch to address the issue.

The high number (16) of emergency patches to address zero-day vulnerabilities in Apple software is indicative of sophisticated threat actors having a significant interest in gaining access to and obtaining information from Apple devices.

Mitigation

Field Effect’s elite team of Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities discovered in software such as Apple’s operating systems. This research contributes to the timely deployment of signatures into Covalence to detect and mitigate the exploitation of these vulnerabilities. Covalence users are automatically notified when vulnerable software is detected in their environment and are encouraged to review these AROs as quickly as possible.

Field Effect strongly encourages users of affected Apple devices to update to the latest operating system as soon as possible.

References