Apple just released updates for macOS Ventura, iOS 16, iPadOS 16 in addition to Safari on Big Sur and Monterey. These updates address vulnerabilities which can lead to arbitrary code execution and are being actively exploited, aka Zero-Day Attacks.
macOS Ventura goes to 13.3.1
Safari goes to 16.4.1
iOS 16 and iPadOS 16 go to 16.4.1
What to do
Update your Apple devices as soon as possible. For Monterey and Ventura update Safari and Ventura update the Operating System. For Ventura, Apple switched to updating Safari as part of OS updates versus standalone. Much like Microsoft does now with their Edge browser.
Covered CVEs
CVE-2023-28205 and CVE-2023-28206
Definitions
CVE (Common Vulnerabilities and Exposures) is a publicly disclosed cybersecurity vulnerability. It is assigned a unique identifier number and can affect software, hardware, or firmware. CVEs are used to track and manage vulnerabilities and are maintained by the MITRE Corporation.
Zero-day attacks - a type of cyber-attack that exploits a previously unknown vulnerability in a computer system or software. These attacks are called "zero-day" because they occur on the same day the vulnerability is discovered, meaning there is no time for a patch or fix to be developed and deployed. Zero-day vulnerabilities are typically discovered and utilized by cybercriminals or nation-states. When weaknesses are discovered by responsible security researchers, they are secretly disclosed to the vendor so patches can be released before attacks can be launched.
Source: Apple
Would you like a free, no-obligation Cybersecurity Benchmarking of your organization showing where you stand vs. industry-accepted practices? Click here to schedule a time with one of our associates.
Comments