Apple has rolled out a series of security updates for iOS, iPadOS, macOS, tvOS, watchOS, and Safari in response to 2 vulnerabilities. Both of them have already been exploited in the wild. When successfully exploited, the flaws allow an attacker to modify sensitive kernel states. We have added a new report to Lansweeper to help you locate vulnerable devices.
Apple Vulnerabilities CVE-2023-37450 and CVE-2023-38408
The vulnerability tracked as CVE-2023-37450 is a flaw in the WebKit browser engine that was patched earlier this month. An attacker could use this flaw to execute arbitrary code by tricking its targets into opening maliciously crafted web pages. Arbitrary code execution attacks can compromise the integrity of sensitive data and files.
CVE-2023-38606 is a Kernel vulnerability that has already been exploited in attacks against devices running older versions of iOS. On unpatched devices, the flaw allows attackers to modify sensitive kernel states. CVE-2023-38606 is also connected to the mobile cyber espionage campaign "Operation Triangulation" that we discussed in an earlier Apple vulnerability update.
Update Vulnerable Apple Devices
Apple has released a series of security updates for iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address these vulnerabilities, as well as backported security patches for a zero-day (CVE-2023-32409) affecting tvOS 16.6 and watchOS 9.6 that they already addressed in May. You can find an overview of all patches on Apple's security page. You can also find all fixed versions listed below.
|Safari 16.6||macOS Big Sur and macOS Monterey|
|iOS 16.6 and iPadOS 16.6||iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later|
|iOS 15.7.8 and iPadOS 15.7.8||iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)|
|macOS Ventura 13.5||macOS Ventura|
|macOS Monterey 12.6.8||macOS Monterey|
|macOS Big Sur 11.7.9||macOS Big Sur|
|tvOS 16.6||Apple TV 4K (all models) and Apple TV HD|
|watchOS 9.6||Apple Watch Series 4 and later|
Discover Vulnerable Apple Devices
To help you locate vulnerable Apple devices, we have added a new report to Lansweeper. This report will give you an actionable list of iOS, iPadOS and macOS devices that still need updates and are at risk. You can get the report via the link below. You can also check the version of your Safari installs with the Safari Version Audit report.