Hacking

Apple addressed a new actively exploited zero-day tracked as CVE-2023-38606

Apple released security updates to address an actively exploited zero-day flaw in iOS, iPadOS, macOS, tvOS, watchOS, and Safari.

Apple released urgent security updates to address multiple flaws in iOS, iPadOS, macOS, tvOS, watchOS, and Safari, including an actively exploited zero-day.

The vulnerability, tracked as CVE-2023-38606, resides in the kernel and can be exploited to modify sensitive kernel state potentially. The company addressed the vulnerability with improved state management.

“An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1” reads the advisory published by Apple.

The vulnerability CVE-2023-38606 is one of the flaws exploited by the threat actors in the Operation Triangulation.

In early June, researchers from the Russian firm Kaspersky uncovered a previously unknown APT group that is targeting iOS devices with zero-click exploits as part of a long-running campaign dubbed Operation Triangulation.

The experts discovered the attack while monitoring the network traffic of their own corporate Wi-Fi network dedicated to mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA).

According to Kaspersky researchers, Operation Triangulation began at least in 2019 and is still ongoing.

The attack chains commenced with a message sent via the iMessage service to an iOS device. The message has an attachment containing an exploit. The expert explained that the message triggers a remote code execution vulnerability without any user interaction (zero-click).

Shortly after Kaspersky’s disclosure, Russia’s FSB accused the US intelligence for the attacks against the iPhones. According to Russian intelligence, thousands of iOS devices belonging to domestic subscribers and diplomatic missions and embassies have been targeted as part of Operation Triangulation.

The operations aimed at gathering intelligence from diplomats from NATO countries, Israel, China and Syria.

FSB believes that Apple supported US intelligence in this cyberespionage campaign.

Other zero-day flaws exploited during the operation are CVE-2023-32434 and CVE-2023-32435, which were both addressed by Apple in June.

Apple released the following updates:

Name and information linkAvailable forRelease date
Safari 16.6macOS Big Sur and macOS Monterey24 Jul 2023
iOS 16.6 and iPadOS 16.6iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later24 Jul 2023
iOS 15.7.8 and iPadOS 15.7.8iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)24 Jul 2023
macOS Ventura 13.5macOS Ventura24 Jul 2023
macOS Monterey 12.6.8macOS Monterey24 Jul 2023
macOS Big Sur 11.7.9macOS Big Sur24 Jul 2023
tvOS 16.6Apple TV 4K (all models) and Apple TV HD24 Jul 2023
watchOS 9.6Apple Watch Series 4 and later24 Jul 2023

Recently Apple has re-released its Rapid Security Response updates to address the CVE-2023-37450 flaw in iOS and macOS after fixing browsing issues on certain websites caused by the first RSR issued by the company.

On July 10, Apple released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address the zero-day flaw that has been actively exploited in the wild.

Tricking the victim into processing specially crafted web content may lead to arbitrary code execution.

The flaw resides in the WebKit and Apple addressed it by improving checks.

“Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” reads the advisory published by Apple.

The vulnerability CVE-2023-37450 was reported to the company by an anonymous researcher.

The IT giant did not reveal details about the attacks in the wild exploiting this issue or the nature of the threat actors.

Follow me on Twitter: @securityaffairs Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, zero-day)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

New Rust infostealer Fickle Stealer spreads through various attack methods

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration A new Rust…

12 mins ago

An unpatched bug allows anyone to impersonate Microsoft corporate email accounts

A researcher discovered a flaw that allows attackers to impersonate Microsoft corporate email accounts and…

5 hours ago

Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale

Resecurity researchers warn of a new activity of Smishing Triad, which has expanded its operations…

6 hours ago

Alleged researchers stole $3 million from Kraken exchange

Alleged researchers have exploited a zero-day in Kraken crypto exchange to steal $3 million worth…

16 hours ago

Google Chrome 126 update addresses multiple high-severity flaws

Google released Chrome 126 update that addresses a high-severity vulnerability demonstrated at the TyphoonPWN 2024…

19 hours ago

Chip maker giant AMD investigates a data breach

AMD announced an investigation after a threat actor attempted to sell data allegedly stolen from…

1 day ago

This website uses cookies.