Apple has released a patch to address a zero-day vulnerability (CVE-2023-38606). The security updates fix the vulnerability in multiple products such as macOS Ventura, Monterey, Big Sur, iOS, and iPadOS. Apple has mentioned in the advisory that they are aware of the active exploitation of the vulnerability in attacks against versions of iOS 15.7.1.
Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin, Leonid Bezvershenko, and Boris Larin of Kaspersky have discovered the zero-day vulnerability.
Apple has released other advisories to address multiple vulnerabilities in different products, including Safari, tvOS, and watchOS.
CISA added the CVE-2023-38606 to its Known Exploited Vulnerabilities Catalog requesting users to apply patches before August 16.
Earlier this month, Apple released Rapid Security Response (RSR) updates to address another zero-day CVE-2023-37450 being exploited in the wild.
Zero-day vulnerabilities addressed by Apple this year so far:
- CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439 in June
- CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373 in May
- CVE-2023-28206 and CVE-2023-28205 in April
- WebKit (CVE-2023-23529) in February
CVE-2023-38606
The vulnerability may allow an attacker to alter sensitive kernel state. Apple has addressed the vulnerability with improved state management. The security updates address the vulnerability in iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
Affected Products and Versions
- iOS and iPadOS versions prior to 16.6
- Apple macOS Ventura versions prior to 13.5
- Apple macOS Big Sur versions prior to 11.7.9
- Apple macOS Monterey versions prior to 12.6.8
Mitigation
To patch the vulnerability, customers must upgrade to the latest macOS Ventura 13.5, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 16.6, and iPadOS 16.6.
For more information, please visit the Apple security advisories for macOS Ventura, Monterey, Big Sur, iOS, and iPadOS.
Qualys Detection
Qualys customers can scan their devices with QIDs 378687, 378688, 378689, 610497, and 610498 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://support.apple.com/kb/HT213841
https://support.apple.com/kb/HT213842
https://support.apple.com/kb/HT213843
https://support.apple.com/kb/HT213844
https://support.apple.com/kb/HT213845
https://support.apple.com/en-us/HT201222