On July 11, Apple released emergency patches for the latest versions of software used by its popular iPad, iPhone and Mac products. Due to the company’s own policy of not discussing security issues until an investigation has been completed, Apple hasn’t officially stated what security issues the patches were designed to fix.
However, experts assume they are associated with a live spyware or malware attack.
Source: Cyber News
Analysis
Field Effect has not detected any exploitation of these vulnerabilities in the wild, indicating that the ability to exploit the vulnerabilities likely rests with one or a few threat actors. They were, however, threatening enough to warrant Apple releasing an emergency patch, suggesting the vulnerabilities were critical, possibly related to CVE-2023-32434 and CVE-2023-32345, which allowed an attacker to take over Apple devices.
These vulnerabilities were originally identified by Russia-based cybersecurity firm Kaspersky while it was investigating a previously unknown mobile advanced persistent threat (APT) campaign targeting iOS devices on its own network.
Mitigation
Field Effect’s elite team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities discovered in software such as Apple’s iOS. This research contributes to the timely deployment of signatures into Covalence to detect and mitigate the exploitation of these vulnerabilities. Covalence users are automatically notified when vulnerable software is detected in their environment and are encouraged to review these AROs as quickly as possible.
Field Effect strongly encourages users of Apple devices to update to the latest version of iOS as soon as possible.