Apple took swift action to address critical security concerns by releasing emergency security updates.
Two Zero-Click zero-day vulnerabilities, previously unknown to Apple, were exploited in recent cyberattacks.
Targeting Civil Society in Washington
These vulnerabilities were employed in attacks on civil society groups in Washington, comprising various organizations and individuals advocating for democracy and civil liberties.
Civil society in the United States plays a vital role in shaping the nation’s values and policies.
Citizen Lab’s Discovery
Citizen Lab, a prominent cybersecurity research firm, discovered one of these vulnerabilities. They reported it to Apple, who promptly released a patch, further enhancing security.
Apple also identified another related vulnerability, demonstrating its commitment to safeguarding users.
Vulnerability Details
The vulnerabilities were found in Image I/O and Wallet systems and are tracked as CVE-2023-41064 (discovered by Citizen Lab) and CVE-2023-41061 (discovered by Apple).
CVE-2023-41064 is a buffer overflow vulnerability that could lead to arbitrary code execution.
CVE-2023-41061 is a validation issue that could execute arbitrary code via a malicious attachment.
Wide Range of Affected Devices
Numerous Apple devices are impacted by these vulnerabilities, both older and newer models, including:
- iPhone 8 and later
- iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
- Mac computers running macOS Ventura
- Apple Watch Series 4 and later
Civil Society as a Cybersecurity Early Warning
John Scott-Railton of Citizen Lab emphasizes the crucial role of civil society in detecting and addressing cybersecurity threats.
NIX Solutions recommends that all Apple device users promptly install the latest security patches to protect their devices from potential threats.