Critical Vulnerability
Apple has released security updates that fix a zero-day vulnerability affecting the iOS, macOS, and iPadOS operating systems. The vulnerability is in the WebKit browser engine, which multiple products use to display web content.
The vulnerability, tracked as CVE-2023-37450 and rated high severity, allows threat actors to craft malicious web content that executes arbitrary code on the target system.
Apple confirmed reports of active exploitation of the vulnerability and fixed it with improved controls. However, after the security updates, some applications such as Facebook, Instagram, and Zoom showed an “Unsupported Browser” error in the Safari browser (versions before 16.5.2).
The vulnerability affects versions earlier than:
- iOS 16.5.1,
- iPadOS 16.5.1,
- macOS Ventura 13.4.1, and
- Safari 16.5.2.
Apple has released updates that fix security vulnerabilities with critical risk levels. Users running vulnerable versions are advised to upgrade to the updated versions as soon as possible.
Be Careful with Your Apple Devices
“Triangulation Trojan” Launches Sophisticated Attack on Apple Devices
Security experts have uncovered an advanced, targeted cyberattack that leverages Apple’s mobile devices. The attack, named “Triangulation,” is aimed at planting covert spyware into the iPhones of employees of certain companies, including middle and top management personnel.
The cyberattack employs an invisible iMessage carrying a malicious attachment. Utilizing multiple vulnerabilities within the iOS operating system, the attachment is executed on the device, stealthily installing the spyware. This occurs without the need for user action. Once in place, the spyware discreetly relays sensitive data back to remote servers, including microphone recordings, instant messenger photos, geolocation, and other user activity data.