CISA Adds To Known Exploited Vulnerabilities Catalog


CISA has added two new vulnerabilities, CVE-2023-28206 and CVE-2023-28205, to its Known Exploited Vulnerabilities Catalog.

The vulnerabilities seem to directly impact iOS and iPadOS users, especially those using the versions iOS 15.7.5 and iPadOS 15.7.5.

Apple recently released iOS 15.7.5 and iPadOS 15.7.5, with important security updates. The security content of iOS 15.7.5 and iPadOS 15.7.5 has been documented, highlighting some vulnerabilities that could seriously affect users.

“Apple is aware of a report that this issue may have been actively exploited,” the company said in the patch statement for both CVE-2023-28206 and CVE-2023-28205.

CVE-2023-28206 and CVE-2023-28205 explained 

One of the vulnerabilities that iOS 15.7.5 and iPadOS 15.7.5 aim to fix is in IOSurfaceAccelerator, which affects several Apple devices, including iPhone 6s, iPhone 7, iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).

According to the documentation, an app may be able to execute arbitrary code with kernel privileges due to an out-of-bounds write issue.

Apple has acknowledged that this issue may have been actively exploited and has addressed it by improving input validation.

The vulnerability has been identified as CVE-2023-28206 and was reported by Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab.

The other vulnerability addressed in iOS 15.7.5 and iPadOS 15.7.5 is in WebKit, which also affects several Apple devices, including iPhone 6s, iPhone 7, iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).

The documentation states that processing maliciously crafted web content could lead to arbitrary code execution. 

Apple Patches CVE-2023-28206 and CVE-2023-28205

Apple has taken swift action to address these vulnerabilities, and users are strongly advised to update their devices to iOS 15.7.5 and iPadOS 15.7.5 to protect against these security threats.

The release of iOS 15.7.5 and iPadOS 15.7.5 comes with important security updates, addressing vulnerabilities that could seriously affect users. 

While it is reassuring to know that Apple is taking steps to address these vulnerabilities, users must also take responsibility for their security by ensuring that their devices are updated to the latest iOS or iPadOS. By doing so, users can protect themselves against potential security threats and enjoy a safer online experience.




