Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Members of public are advised to stay vigilant and not follow any instructions given by these scammers. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Zero-Day Vulnerabilities in Apple Products
Alerts

Active Exploitation of Zero-Day Vulnerabilities in Apple Products

8 September 2023

Apple has released security updates to address two zero-day vulnerabilities (CVE-2023-41064 and CVE-2023-41061). The vulnerabilities are reportedly being actively exploited.

The vulnerabilities are:

CVE-2023-41064 - A buffer overflow vulnerability that gets triggered when processing maliciously crafted images.

CVE-2023-41061 - A validation vulnerability that can be exploited using a malicious attachment.

Successful exploitation of the vulnerabilities could allow an attacker to perform arbitrary code execution on the affected products.

The vulnerabilities affect the following products:

  • Macs running macOS Ventura

  • iPhone 8 and later

  • iPad Pro (all models)

  • iPad Air 3rd generation and later

  • iPad 5th generation and later

  • iPad mini 5th generation and later

  • Apple Watch Series 4 and later

Users of affected products are advised to update to the latest versions immediately:

  • macOS Ventura 13.5.2 for macOS Ventura

  • iOS 16.6.1 for iPhone 8 and later

  • iPadOS 16.6.1 for iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later and iPad mini 5th generation and later

  • watchOS 9.6.2 for Apple Watch Series 4 and later

Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.

More information is available here:

https://support.apple.com/en-us/HT213906

https://support.apple.com/en-us/HT213907

https://www.bleepingcomputer.com/news/apple/apple-discloses-2-new-zero-days-exploited-to-attack-iphones-macs/