The Cyber Security Agency of Singapore (CSA) issued an alert on security updates to address zero-day vulnerabilities, released by Apple. The vulnerabilities identified are:
- CVE-2023-41991 (Certification validation flaw in the Security Framework, which may allow cyber attackers to use malicious apps to bypass signature detection)
- CVE-2023-41992 (A flaw in the Kernel Framework, that could potentially enable a local cyber attacker to escalate their privileges)
- CVE-2023-41993 (Vulnerability within the Webkit Engine, that may be exploited through maliciously crafted webpage, leading to the execution of arbitrary code on the impacted products)
This is the list of affected Apple products:
- Apple Macs running macOS Ventura
- Apple iPhone 8 or later
- Apple iPad Pro (all models)
- Apple iPad Air 3rd generation and later
- Apple iPad 5th generation and later
- Apple iPad Mini 5th generation and later
- Apple Watch Series 4 and later
Users of these affected Apple devices are advised update to the latest versions immediately:
- macOS Ventura 13.6 for macOS Ventura
- iOS 17.0.1 for iPhone XS and later
- iPadOS 17.0.1 for iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- iOS 16.7 for iPhone 8 and later
- iPadOS 16.7 for iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
- watchOS 10.0.1 for Apple Watch Series 4 and later
It is crucial to ensure that all your device’s software is kept up to date with the latest versions. This practice allows you to access new features and bug fixes as soon as they become available, to enhance the cybersecurity and the performance of your devices. Whenever possible, it is advisable to enable automatic software updates for added convenience.
News | IT Tips | Cybersecurity | Cyber Safety