Active Exploitation of Zero-Day Vulnerabilities in Apple Products
8 April 2023
Apple has released security updates to address two new zero-day vulnerabilities (CVE-2023-28205 and CVE-2023-28206) in their products. The vulnerabilities are reportedly being actively exploited.
The two vulnerabilities are:
CVE-2023-28205: A WebKit use-after-free vulnerability that may allow attackers to execute arbitrary code after the vulnerable device processes maliciously crafted web content
CVE-2023-28206: An out-of-bounds write vulnerability that may allow attackers to use a maliciously crafted app to execute arbitrary code with kernel privileges on a vulnerable device
The vulnerabilities affect the following products:
iPhone 8 and later
iPad Pro (all models)
iPad Air 3rd generation and later
iPad 5th generation and later
iPad mini 5th generation and later
Macs running macOS Ventura
Users of affected product versions are advised to update to the latest versions immediately.
Users are also advised to enable automatic software updates if available, by going to Settings > General > Software Updates > Enable Automatic Updates.
More information is available here:
https://support.apple.com/en-gb/HT213720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28205