SOCRadar® Cyber Intelligence Inc. | CISA Warns: Patch Apple Zero-Day Vulnerabilities Until May


Apr 11, 2023
3 Mins Read

CISA Warns: Patch Apple Zero-Day Vulnerabilities Until May

Apple released patches on April 7 to address two zero-day vulnerabilities, CVE-2023-28205 and CVE-2023-28206. The vendor acknowledges a report of these vulnerabilities possibly being actively exploited for code execution on vulnerable devices.

Because the vulnerabilities also affect older devices, Apple issued updates on April 10 to backport the initial security patches. The updates are now available for some older Apple devices as well.

Vulnerability Details

CVE-2023-28205 is a use-after-free vulnerability in WebKit with high exploitability. When specially crafted web content is processed, this vulnerability may allow arbitrary code execution.

CVE-2023-28206 is an out-of-bounds write issue in IOSurfaceAccelerator. The vulnerability could allow an attacker to execute arbitrary code with kernel privileges using a maliciously crafted app.

Apple has fixed the first vulnerability with improved memory management and the second with improved input validation. The vulnerabilities do not yet have a CVSS score available on National Vulnerability Database. 

CISA Orders Federal Agencies to Patch Security Vulnerabilities in Apple Devices

The Cybersecurity and Infrastructure Security Agency (CISA) has instructed federal agencies to fix the two security vulnerabilities that have been used to hack into iPhones, Macs, and iPads, until May 1.

A directive known as BOD 22-01, issued in November 2022, requires Federal Civilian Executive Branch Agencies (FCEB) to secure their systems against all security bugs listed in CISA’s Known Exploited Vulnerabilities catalog. 

To comply with this directive, FCEB agencies must now protect iOS, iPadOS, and macOS devices against two flaws that were patched by Apple on Friday and added to CISA’s list of bugs that have been exploited in attacks on Monday.

FCEB agencies have until May 1st, 2023, to secure their systems against these vulnerabilities.

While the vulnerabilities are believed to have been exploited in only highly targeted attacks, it is recommended that they be fixed as soon as possible to prevent any future attacks.

The security updates are now available on the latest versions of:

  • iOS 16.4.1
  • iPadOS 16.4.1
  • macOS Ventura 13.3.1 
  • Safari 16.4.1

These updates cover a wide range of devices, such as:

  • iPhone 8 and later
  • iPad Pro all models
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later
  • Ventura for Macs
  • macOS Big Sur
  • Monterey

The update for macOS includes version 11.7.6 for Big Sur and 12.6.5 for Monterey. However, it should be noted that this update only focuses on addressing the CVE-2023-28206 vulnerability.

Updates have been expanded to also cover the following devices:

  • iPhone 6s all models
  • iPhone 7 all models
  • iPhone SE 1st generation
  • iPad Air 2
  • iPad mini 4th generation
  • iPod touch 7th generation

Better Vulnerability Management with SOCRadar

SOCRadar Vulnerability Intelligence Module

SOCRadar’s Vulnerability Intelligence can assist you in better managing vulnerability issues and prioritizing patches; you can search for and view detailed information about vulnerabilities on the platform. At the same time, its External Attack Surface Management (EASM) can discover your digital assets and alert you to any emerging issues.