Newly Exploited Vulnerabilities in Apple Devices

CISA orders federal agencies to patch exploited vulnerabilities affecting multiple Apple devices.

In mid-April, the Cybersecurity and Infrastructure Agency (CISA) ordered federal agencies to patch two vulnerabilities actively being exploited on iOS, iPadOS, and macOS devices. The vulnerabilities were also added to CISA’s Known Exploited Vulnerabilities catalog as of April 10th.

“What is the Known Exploited Vulnerabilities catalog?”

CISA maintains a publicly available catalog of vulnerabilities that they know have been exploited by known threat actors. They also require all federal civilian executive branch agencies to remediate all vulnerabilities in the catalog within certain timeframes under Binding Operational Directive 22-01. While this directive does not require private sector companies to patch these vulnerabilities, CISA strongly recommends that companies implement a requirement to immediately address vulnerabilities listed in the catalog as part of their vulnerability management plan. Since these vulnerabilities have been used against at least one victim already, whether successful or unsuccessful, the chances of hackers continuing to try to use the vulnerabilities are higher.

“How can I make sure I’m notified when new vulnerabilities are added to the catalog?”

Certain tools, such as Palo Alto Networks Cortex, Tenable Nessus, Runecast, Qualys VMDR, Wiz, Rapid7 InsightVM, and Rapid7 Nexpose automatically incorporate and flag vulnerabilities that are included in the Known Exploited Vulnerabilities Catalog. You can also subscribe directly to the Known Exploited Vulnerabilities Catalog Update Bulletin to be notified when new vulnerabilities are added to the catalog.

“So what are the vulnerabilities they just added, and how do I protect against them?”

Apple identified two vulnerabilities affecting certain Apple devices and released emergency security updates on April 7th:

❯      CVE-2023-28206: IOSurfaceAccelerator out-of-bounds write. This vulnerability could allow hackers to use a malicious app to execute arbitrary code with kernel privileges on targeted devices.

❯      CVE-2023-28205: WebKit use after free weakness. This vulnerability can be used to trick targets into loading malicious web pages that the hackers control, leading to code execution on compromised systems.

These vulnerabilities impacted iPhone 8 and later, all models of iPad Pro, iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, and macs running macOS Ventura. If you have any of these devices, make sure to update to the latest software version as soon as possible.

Do you need help implementing a vulnerability management program or want to better understand the threats to your network? Reach out to Hive Systems to talk about our Vulnerability Assessments today!

Ready to chat with one of our experts?

Follow us - stay ahead.

Read more of the ACT