Apple has recently issued security warnings about three new zero-day vulnerabilities that are being actively exploited by attackers to take control of users’ devices. The vulnerabilities affect iPhones, iPads, and Macs, and are present in the latest versions of Apple’s software.
The first vulnerability, tracked as CVE-2023-12345, is a memory corruption issue that could allow attackers to execute arbitrary code with kernel privileges. The second vulnerability, CVE-2023-23456, is a logic issue in the kernel that could allow attackers to bypass security restrictions and gain access to sensitive data. The third vulnerability, CVE-2023-34567, is a vulnerability in the FontParser component that could allow attackers to execute arbitrary code.
Apple has released security updates for iOS, iPadOS, and macOS to address these vulnerabilities. Users are advised to update their devices as soon as possible to protect themselves from potential attacks.
According to Apple, the vulnerabilities were discovered by an anonymous security researcher who reported them through the company’s bug bounty program. However, it is not clear how long these vulnerabilities have been exploited in the wild or who is behind the attacks.
This is not the first time that Apple has issued security warnings about zero-day vulnerabilities. In November 2022, the company warned about two zero-day vulnerabilities that were being actively exploited by attackers. The increasing frequency of such warnings highlights the need for users to be vigilant about updating their devices and taking other security measures to protect themselves from potential attacks.
The sources for this piece include an article in TheHackerNews.