Apple Patches Two Actively Exploited Vulnerabilities in macOS Ventura and Safari (CVE-2023-28205 & CVE-2023-28206)

Apple has released patches of two zero-day vulnerabilities in macOS Ventura. Apple has mentioned in the advisory that they are aware of the issues being exploited in the wild. The vulnerabilities are assigned with CVE-2023-28206 and CVE-2023-28205. Both vulnerabilities are discovered by Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab.

CISA has added the vulnerabilities CVE-2023-28206 and CVE-2023-28205 to its Known Exploitable Vulnerabilities Catalog and requested users to patch the vulnerabilities before May 1st, 2023.

Description

CVE-2023-28205 (WebKit)

It is a use-after-free vulnerability that allows attackers to process maliciously crafted web content that may lead to arbitrary code execution.

By tricking targets into loading malicious websites under the control of attackers, it is possible to exploit the vulnerability, which could lead to the execution of malware on compromised systems. Maliciously designed web content can cause the execution of arbitrary code, giving attackers access to your device without your knowledge. Apple has fixed this vulnerability with improved memory management.

CVE-2023-28206 (IOSurfaceAccelerator)

This out-of-bounds write vulnerability may allow an attacker to perform arbitrary code execution with kernel privileges.  
 
The flaw arises when IOSurfaceAccelerator’s limits are exceeded. An application may exploit this vulnerability to run arbitrary code with kernel privileges. Apple has fixed this vulnerability with improved input validation.

Affected versions

  • iPhone 8 and later 
  • iPad Pro (all models) 
  • Safari versions before 16.4.1 
  • iPad 5th generation and later 
  • iPad Air 3rd generation and later 
  • iPad mini 5th generation and later 
  • Macs running macOS Ventura versions before 13.3.1

Mitigation

To patch the vulnerability, customers must upgrade to the latest iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1, and Safari 16.4.1. 
 
For more information, please visit the Apple security advisories HT213721 and HT213722.  

Qualys Detection

Qualys customers can scan their devices with QIDs 378364,378365, 378376, and 378377 to detect vulnerable assets.  
  
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities. 
  
References 
https://support.apple.com/en-us/HT213721  
https://support.apple.com/en-us/HT213722  

Leave a Reply

Your email address will not be published. Required fields are marked *