top of page

Cyber Bites

More Apple patches released for active exploits

Apple just released updates for macOS Ventura, iOS 16, iPadOS 16 in addition to Safari on Big Sur and Monterey. These updates address vulnerabilities which can lead to arbitrary code execution and are being actively exploited, aka Zero-Day Attacks.

  • macOS Ventura goes to 13.3.1

  • Safari goes to 16.4.1

  • iOS 16 and iPadOS 16 go to 16.4.1

What to do

Update your Apple devices as soon as possible. For Monterey and Ventura update Safari and Ventura update the Operating System. For Ventura, Apple switched to updating Safari as part of OS updates versus standalone. Much like Microsoft does now with their Edge browser.

Covered CVEs

CVE-2023-28205 and CVE-2023-28206

Definitions

CVE (Common Vulnerabilities and Exposures) is a publicly disclosed cybersecurity vulnerability. It is assigned a unique identifier number and can affect software, hardware, or firmware. CVEs are used to track and manage vulnerabilities and are maintained by the MITRE Corporation.

Zero-day attacks - a type of cyber-attack that exploits a previously unknown vulnerability in a computer system or software. These attacks are called "zero-day" because they occur on the same day the vulnerability is discovered, meaning there is no time for a patch or fix to be developed and deployed. Zero-day vulnerabilities are typically discovered and utilized by cybercriminals or nation-states. When weaknesses are discovered by responsible security researchers, they are secretly disclosed to the vendor so patches can be released before attacks can be launched.

Source: Apple


Would you like a free, no-obligation Cybersecurity Benchmarking of your organization showing where you stand vs. industry-accepted practices? Click here to schedule a time with one of our associates.

Comments


bottom of page