CVE-2023-41992

Apple fixes two new iOS zero-days exploited in attacks on iPhones By Lawrence Abrams March 5, 2024 04:34 PM 0 Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. "Apple is aware of a report that this issue may have been exploited," the company said in an advisory issued on Tuesday. The two bugs were found in the iOS Kernel (CVE-2024-23225) and RTKit (CVE-2024-23296), both allowing attackers with arbitrary kernel r...

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Zero day? More like every day, amirite?

Apple has demonstrated that it can more than hold its own among the tech giants, at least in terms of finding itself on the wrong end of zero-day vulnerabilities. iOS and iPadOS have again come under attack, and Apple has rushed out a fix to ward off miscreants. The latest issues are CVE-2023-42824 and CVE-2023-5217. The latter is a week old and refers to a heap buffer overflow in the VP8 compression format in libvpx. Apple noted that the overflow could result in arbitrary code execution and fix...

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Holes in iOS, macOS and more fixed following tip off from Google, Citizen Lab

Apple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware. The updates, which were issued yesterday and should be installed as soon as possible if not already, address as many as three CVE-listed flaws. We've just learned today that the Predator spyware sold by Intellexa used these vulnerabilities to infect at least one target's iPhone. The bugs are: Each bug, according to Apple, "may have been actively exploited against versions of iOS be...