Blog: Apple, vulnerabilities actively exploited

Author: Vlad
Published on

Was it difficult to deploy Apple’s big security bulletin from early April?

Have you just rolled out the early May Rapid Security Response (RSR) security updates?

Perfect 😘, here is the new security bulletin from Apple. It fixes many vulnerabilities across all of their systems and devices, but three in particular are actively exploited in the wild:

- CVE-2023-32409: bypass of Safari protections when viewing a malicious web page (read: "breaking out of the sandbox"). This vulnerability was identified by Google and Amnesty International and is exploited in the wild.
- CVE-2023-28204: information leak from Safari caused by insufficient input validation when processing web content. The leaked information is useful for building an exploitation chain that combines several vulnerabilities.
- CVE-2023-32373: code execution in Safari, allowing partial control of the target simply by viewing a web page.

Since Safari is the default browser on every Apple device, these vulnerabilities are present everywhere.

The subject has already been covered many times, but these are exactly the kind of vulnerabilities we find exploited by tools like Pegasus (from NSO Group, but there are many others; see "FUN Le Top arbitrariness of the past year 2022"), aimed at compromising and monitoring journalists, political opponents, and so on. If you have agreed to data collection to improve Apple's (or Google's) services and systems, be aware that in the event of a crash, Apple receives memory dumps of the crashed apps. When they say "actively exploited in the wild", it means they received such memory dumps and their analysis revealed exploitation of these vulnerabilities.

Here are the different systems and devices impacted:

| System | Vulnerable version (all versions less than or equal to...) | Up to date | Number of vulnerabilities |
|---|---|---|---|
| iOS and iPadOS | 15.7.3 | 15.7.6 | 17 |
| iOS and iPadOS | 16.4.1 (a) | 16.5 | 39 |
| macOS Big Sur | 11.7.6 | 11.7.7 | 25 |
| macOS Ventura | 13.3.1 | 13.4 | 51 😨 |
| macOS Monterey | 12.6.5 | 12.6.6 | 29 |
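Knowing the fixed version is only half the job; you also need to tell which devices in a fleet are still below it. Here is an added example (not from the original post or from Apple) that encodes the version table above and checks an inventory against it. The inventory rows are constructed sample data, and the product names used as keys are my own labels. The one edge case worth handling is the "(a)" suffix of a Rapid Security Response, which must sort after the bare version it patches but before the next point release.

```python
import re

# Version table from the bulletin above: product -> (last vulnerable, fixed).
# Product labels are this example's own keys, not Apple identifiers.
BULLETIN = {
    "iOS 15 / iPadOS 15": ("15.7.3", "15.7.6"),
    "iOS 16 / iPadOS 16": ("16.4.1 (a)", "16.5"),
    "macOS Big Sur": ("11.7.6", "11.7.7"),
    "macOS Ventura": ("13.3.1", "13.4"),
    "macOS Monterey": ("12.6.5", "12.6.6"),
}

_VERSION_RE = re.compile(r"\s*(\d+(?:\.\d+)*)\s*(?:\(([a-z])\))?\s*")


def parse_version(text):
    """Turn '16.4.1 (a)' into a comparable ((16, 4, 1), 'a') tuple.

    The optional '(x)' letter is a Rapid Security Response applied on top of
    the base version: it sorts after the bare version ('' < 'a') and before the
    next point release because the numeric part is compared first. Trailing
    zeros are dropped so that '13.4' and '13.4.0' compare equal.
    """
    m = _VERSION_RE.fullmatch(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(part) for part in m.group(1).split(".")]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    return (tuple(nums), m.group(2) or "")


def is_vulnerable(product, installed):
    """True when `installed` is strictly below the bulletin's fixed version."""
    _, fixed = BULLETIN[product]
    return parse_version(installed) < parse_version(fixed)


# Constructed sample inventory: (device name, product family, installed version).
INVENTORY = [
    ("laptop-01", "macOS Ventura", "13.3.1"),
    ("laptop-02", "macOS Ventura", "13.4"),
    ("phone-07", "iOS 16 / iPadOS 16", "16.4.1 (a)"),
    ("phone-08", "iOS 16 / iPadOS 16", "16.5"),
    ("tablet-03", "iOS 15 / iPadOS 15", "15.7.3"),
    ("desktop-04", "macOS Monterey", "12.6.6"),
]


def outdated_devices(inventory=INVENTORY):
    """Return (device, product, installed, fixed) for every device still below the fix."""
    return [
        (name, product, installed, BULLETIN[product][1])
        for name, product, installed in inventory
        if is_vulnerable(product, installed)
    ]


if __name__ == "__main__":
    for name, product, installed, fixed in outdated_devices():
        print(f"{name}: {product} {installed} -> update to {fixed}")
```

Note that the check compares against the fixed version rather than the "less than or equal to" column: anything below the fix is treated as exposed, which is the safer reading when an intermediate RSR build shows up that the table does not list.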

All systems and devices combined, I counted 59 unique vulnerabilities (deduplicated), which is a lot! On top of the vulnerabilities actively exploited in the wild, you get remote code executions, local privilege escalations, and more.

As always, update ASAP! And... good luck with this long weekend 😉.
