Apple Patches Actively Exploited Zero-day Vulnerabilities in iOS and iPadOS (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439)

Apple has released multiple security advisories to address vulnerabilities in macOS, Safari, iOS, and iPadOS. Apple has mentioned in the advisory that they are aware of a report that the vulnerabilities may have been actively exploited.

CVE-2023-32434 and CVE-2023-32435 were discovered by Georgy Kucherin, Leonid Bezvershenko, and Boris Larin of Kaspersky, while CVE-2023-32439 was reported to Apple by an anonymous researcher. Security researchers from Kaspersky have mentioned that the vulnerabilities (CVE-2023-32434 and CVE-32435) were being used in the iOSTriangulation that has been active since 2019.

CISA has added the vulnerabilities (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439) to its Known Exploited Vulnerabilities Catalog and requested users to patch the vulnerabilities before July 14th, 2023.

CVE-2023-32434 (Kernel)

This integer overflow vulnerability may allow an attacker to execute arbitrary code with kernel privileges. Apple has mentioned in the advisory that the vulnerability may have been actively exploited against iOS versions before 15.7. Apple has fixed the vulnerability with improved input validation.

CVE-2023-32435 (WebKit)

This memory corruption vulnerability may lead to arbitrary code execution while processing web content. Apple has mentioned in the advisory that the vulnerability may have been actively exploited against iOS versions before 15.7. Apple has fixed the vulnerability with improved state management.

CVE-2023-32439 (WebKit)

An attacker may process maliciously crafted web content to exploit this type confusion vulnerability. Successful exploitation of this vulnerability may lead to arbitrary code execution. Apple has mentioned in the advisory that the vulnerability may have been actively exploited in the wild. Apple has fixed this vulnerability with improved checks.

Affected Products and Versions

  • Apple Safari versions before 16.5.1
  • Apple macOS Big Sur versions before 11.7.8
  • Apple iOS and iPadOS versions before 15.7.7
  • Apple iOS and iPadOS versions before 16.5.1
  • Apple macOS Ventura Versions before 13.4.1
  • Apple macOS Monterey versions before 12.6.7
  • iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
  • iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Mitigation

To patch the vulnerabilities, customers must upgrade to the latest macOS Ventura 13.4.1, macOS Monterey 12.6.7, macOS Big Sur 11.7.8, iOS and iPadOS 16.5.1, and Safari 16.5.1.

For more information, please visit the Apple security advisories for Safari, macOS Ventura, macOS Monterey, macOS Big Sur, iOS, and iPadOS.

Qualys Detection

Qualys customers can scan their devices with QIDs 378605, 378606, 378607, 378608, 610489, and 610490 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://support.apple.com/en-us/HT213809
https://support.apple.com/en-us/HT213810
https://support.apple.com/en-us/HT213811
https://support.apple.com/en-us/HT213813
https://support.apple.com/en-us/HT213814
https://support.apple.com/en-us/HT213816

Leave a Reply

Your email address will not be published. Required fields are marked *