Critical Updates Required for two Apple Zero-Day Vulnerabilities

Summary

Apple has released emergency updates to address two actively exploited zero-day flaws that could affect older devices including iPhones, iPads and Macs:

1. CVE-2023-28205
2. CVE-2023-28206

These vulnerabilities can allow threat actors and cyber criminals to execute their own code on the devices as well as within maliciously crafted apps. These are very serious flaws that need to be patched immediately in order to ensure you remain safe.

Impact to Services

Anyone with an Apple device is potentially at risk from these system flaws. Apple has not provided detailed information about how wide ranging the impact could be and therefore we recommend updates for all devices, including those not explicitly mentioned.

Recommended Actions

Update all Apple devices to address the zero-day flaws in iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, and macOS Big Sur 11.7.6 by improving input validation and memory management. Apple stated that the bugs have also been patched on the following devices:

1. iPhone 6s (all models),
2. iPhone 7 (all models),
3. iPhone SE (1st generation),
4. iPad Air 2,
5. iPad mini (4th generation),
6. iPod touch (7th generation), and Macs running macOS Monterey and Big Sur.

Stay one step ahead of vulnerabilities like this by using a Fully Managed EDR solution that can help you stay secure.