The Citizen Lab at The University of Toronto's Munk School has discovered two critical severity vulnerabilities in Apple macOS Ventura, iOS, and iPadOS. Tracked as CVE-2023-41064 and CVE-2023-41061, the vulnerabilities may allow an attacker to perform arbitrary code execution.
Apple is aware of the active exploitation of these vulnerabilities. The Citizen Lab stated in its blog that Israeli spyware maker NSO Group has been exploiting the vulnerabilities to deliver Pegasus mercenary spyware.
CISA has added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, requesting users to patch them before October 2, 2023.
Zero-day vulnerabilities addressed by Apple this year so far:
- CVE-2023-38606 in July
- CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439 in June
- CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373 in May
- CVE-2023-28206 and CVE-2023-28205 in April
- WebKit (CVE-2023-23529) in February
CVE-2023-41061
The vulnerability exists in Wallet and arises from a validation flaw. An attacker may exploit it with a maliciously crafted attachment. Successful exploitation may result in arbitrary code execution. Apple has fixed the flaw with improved logic.
CVE-2023-41064
The vulnerability originates from a buffer overflow flaw in the ImageIO component and can be exploited when a maliciously crafted image is processed. An attacker may exploit it to perform arbitrary code execution. Apple has fixed the vulnerability with improved memory handling.
Affected Products and Versions
- iPhone 8 and later
- iPad Pro (all models)
- iPad 5th generation and later
- iPad Air 3rd generation and later
- iPad mini 5th generation and later
- macOS Ventura versions prior to 13.5.2
Mitigation
Customers must upgrade to the latest macOS Ventura 13.5.2, iOS 16.6.1, and iPadOS 16.6.1 to patch the vulnerabilities.
For more information, please visit the Apple security advisories for macOS Ventura, iOS, and iPadOS.
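The following is an added example, not code from Apple, The Citizen Lab, or Qualys: a small triage of an asset inventory against the fixed versions and the CISA date given above. The host names and the inventory tuple layout are constructed, and treating OS major versions other than macOS 13 and iOS/iPadOS 16 as "not assessed" is an assumption, since this advisory names only those release trains.

```python
from datetime import date

# Fixed releases and the CISA KEV date, taken from the advisory text.
FIXED = {"macos": (13, 5, 2), "ios": (16, 6, 1), "ipados": (16, 6, 1)}
KEV_DUE = date(2023, 10, 2)  # assumption: hosts count as overdue after this day


def parse_version(text):
    """Turn '16.6' or '13.5.2' into a 3-tuple so 13.10 sorts above 13.5.2."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def assess(platform, version, today):
    """Return 'patched', 'vulnerable', 'overdue' or 'not_assessed'."""
    fixed = FIXED.get(platform.lower())
    try:
        current = parse_version(version)
    except ValueError:
        return "not_assessed"  # unparseable strings need a manual look
    # Assumption: only the release train named in the advisory is judged
    # (macOS 13.x, iOS/iPadOS 16.x); other majors need their own advisory.
    if fixed is None or current[0] != fixed[0]:
        return "not_assessed"
    if current >= fixed:
        return "patched"
    return "overdue" if today > KEV_DUE else "vulnerable"


def triage(inventory, today):
    """Map each host name to its status."""
    return {host: assess(plat, ver, today) for host, plat, ver in inventory}


# Constructed sample inventory: (host, platform, OS version).
SAMPLE = [
    ("mbp-finance-01", "macOS", "13.5.1"),
    ("mbp-eng-07", "macOS", "13.5.2"),
    ("iphone-exec-02", "iOS", "16.6"),
    ("ipad-kiosk-11", "iPadOS", "16.6.1"),
    ("mini-legacy-03", "macOS", "12.6.8"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE, date(2023, 10, 5)).items():
        print(f"{host:16} {status}")
```

Comparing parsed tuples rather than raw strings matters here: a plain string comparison would rank "13.10" below "13.5.2" and would treat "16.6" and "16.6.1" inconsistently.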
Qualys Detection
Qualys customers can scan their devices with QIDs 610508 and 378841 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://support.apple.com/en-us/HT213906
https://support.apple.com/en-us/HT213905