Apple Fixes Two New 0-Day CVE-2023-41064 & CVE-2023-41061 Bugs
Apple has released security updates to address two zero-day vulnerabilities that have been exploited in attacks to hack into iPhones, Macs, and iPads.
The vulnerabilities, tracked as CVE-2023-41064 and CVE-2023-41061, were found in the ImageIO and Wallet frameworks. ImageIO is a framework that allows apps to load and process images, while Wallet is a framework that allows users to store and manage their payment cards and other credentials.
“Apple is aware of a report that this issue may have been actively exploited,” the company revealed in security advisories describing the flaws.
CVE-2023-41064 is a buffer overflow vulnerability in the ImageIO framework. An attacker could exploit this vulnerability by sending a specially crafted image to an affected device. If the image is processed, it could cause the device to crash or execute arbitrary code.
CVE-2023-41061 is a validation vulnerability in the Wallet framework. An attacker could exploit this vulnerability by sending a maliciously crafted attachment to an affected device. If the attachment is opened, it could cause the device to crash or execute arbitrary code.
The vulnerabilities had a broad reach, impacting an array of devices spanning from older to the latest models. The affected list includes:
- Apple Watch Series 4 and subsequent models
- Macs operating on macOS Ventura
- iPhone 8 and its successors
- All models of iPad Pro
- iPad Air, 3rd generation and beyond
- iPad starting from the 5th generation
- iPad mini, beginning from the 5th generation
Apple has released security updates for macOS Ventura 13.5.2, iOS and iPadOS 16.6.1, and watchOS 9.6.2 to address these vulnerabilities. Users are advised to update their devices as soon as possible.
The Citizen Lab at the University of Torontoʼs Munk School is credited with discovering the ImageIO vulnerability. The company has not disclosed who is responsible for exploiting the vulnerabilities.
These vulnerabilities are a reminder of the importance of keeping your devices up to date with the latest security patches. By doing so, you can help to protect yourself from attacks that exploit known vulnerabilities.
