Apple has issued emergency security updates to address two newly exposed vulnerabilities that were exploited in cyberattacks on iPhone, iPad and Mac computers.
And the company confirmed Friday in two bulletins describing the problems: “Apple is aware of the report that this problem has been actively exploited.”
The first vulnerability, which is being tracked under ID CVE-2023-28206, can lead to data corruption, crashes, or code execution. Successful exploitation of this vulnerability allows an attacker to use a malicious application to execute arbitrary code with kernel privileges on target machines.
Similar to the first vulnerability, the other, tracked under ID CVE-2023-28205, could lead to data corruption or arbitrary code execution when freed memory is reused.
This vulnerability can be exploited by tricking targets into downloading malicious web pages under attackers' control, which can lead to code execution on compromised systems.
Okaz (Jeddah)
