Apple Users Face Two Actively Exploited 0-Day (CVE-2023-28205 & CVE-2023-28206) Flaws

In a world where digital security is paramount, Apple users have been dealt a blow with the recent discovery of two zero-day vulnerabilities affecting a range of devices. The flaws, CVE-2023-28205 and CVE-2023-28206, were discovered by researchers Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab. Both vulnerabilities have been actively exploited, raising the stakes for users and putting Apple on high alert.

CVE-2023-28205: WebKit Use After Free Vulnerability

The first vulnerability, CVE-2023-28205, is a use-after-free vulnerability found in WebKit. It can be exploited by tricking targets into loading malicious web pages under the control of attackers, leading to code execution on compromised systems. In layman’s terms, simply visiting a compromised website could lead to attackers taking over your device.

The processing of maliciously crafted web content may result in arbitrary code execution, granting attackers unauthorized access to your device. Apple has addressed this use after free issue by improving memory management.

CVE-2023-28206: IOSurfaceAccelerator Out-of-Bounds Write Vulnerability

The second vulnerability, CVE-2023-28206, is an out-of-bounds write issue in IOSurfaceAccelerator. An app can exploit this flaw to execute arbitrary code with kernel privileges, giving attackers the highest level of access to the target device.

If an app exploits this vulnerability, it may be able to execute arbitrary code with kernel privileges, essentially handing over control of your device to attackers. Apple has addressed this out-of-bounds write issue by improving input validation.

“Apple is aware of a report that this issue may have been actively exploited,” Apple wrote in its security advisories [1,2,3].

Apple has taken swift action to address these zero-day vulnerabilities. Users can protect their devices by updating to iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1, and Safari 16.4.1, where improved input validation and memory management have been implemented.

Apple has disclosed that the list of affected devices is extensive. It includes:

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later
  • Macs running macOS Ventura

Users are urged to update their devices immediately to protect against potential exploitation. As always, it’s crucial to maintain a proactive approach to cybersecurity and keep devices up to date with the latest patches and software updates.
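For administrators checking more than one device, the following added example (not from Apple or the original article) compares reported versions against the fixed releases named above. The inventory rows, hostnames and status labels are constructed for illustration.

```python
# Added example: flag devices older than the fixed releases named in the article.
FIXED = {  # first fixed release per product, as listed in the article
    "iOS": (16, 4, 1),
    "iPadOS": (16, 4, 1),
    "macOS": (13, 3, 1),
    "Safari": (16, 4, 1),
}

def parse_version(text):
    """Turn '16.4' into (16, 4, 0). Raises ValueError on anything non-numeric."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 3:
        raise ValueError("too many components: " + text)
    return tuple(parts + [0] * (3 - len(parts)))

def status(product, version):
    """Return a status label (labels are this example's own, not Apple's)."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "unknown-product"
    try:
        found = parse_version(version)
    except ValueError:
        return "unparseable"      # review by hand instead of guessing
    if product == "macOS" and found[0] < 13:
        return "not-listed"       # the article lists only Macs running Ventura
    # Tuple comparison is numeric, so 16.10 sorts after 16.4.1;
    # comparing the raw strings would get that wrong.
    return "patched" if found >= fixed else "needs-update"

# Constructed sample inventory: (hostname, product, reported version)
SAMPLE_INVENTORY = [
    ("phone-01", "iOS", "16.4"),
    ("phone-02", "iOS", "16.4.1"),
    ("tablet-01", "iPadOS", "16.3.1"),
    ("mac-01", "macOS", "13.3"),
    ("mac-02", "macOS", "12.6.4"),
    ("mac-02", "Safari", "16.4"),
    ("phone-03", "iOS", "16.10"),  # constructed value to exercise numeric ordering
]

def audit(rows):
    """Return only the rows that are not confirmed patched."""
    results = [(h, p, v, status(p, v)) for h, p, v in rows]
    return [r for r in results if r[3] != "patched"]

if __name__ == "__main__":
    for host, product, version, state in audit(SAMPLE_INVENTORY):
        print(f"{host:10} {product:7} {version:8} {state}")
```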

Update: April 10th, 2023

A researcher released a PoC for the CVE-2023-28206 vulnerability.