Active Exploitation of Zero-day Vulnerability in Apple Products

Apple has released security updates to address a zero-day vulnerability (CVE-2023-38606) in their products. The vulnerability is reportedly being actively exploited.

Successful exploitation of the vulnerability could allow an attacker to modify sensitive kernel state on the vulnerable device, potentially giving the attacker control over it.

The vulnerability affects the following products:

• iPhone 6s (all models)

• iPhone 7 (all models)

• iPhone SE (1st generation)

• iPhone 8 and later

• iPad Pro (all models)

• iPad Air 3rd generation and later

• iPad 5th generation and later

• iPad mini 4th generation and later

• iPad Air 2

• iPod touch (7th generation)

• Apple Watch Series 4 and later

• Apple TV 4K (all models) and Apple TV HD

• Macs running macOS Big Sur, Monterey, and Ventura

Users of affected products are advised to install the latest security updates immediately.

Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.

More information is available here:

https://support.apple.com/en-us/HT213841

https://support.apple.com/en-us/HT201222

https://www.bleepingcomputer.com/news/apple/apple-fixes-new-zero-day-used-in-attacks-against-iphones-macs/