Apple, Who Prides itself on its Privacy & Security, Suffers its 10th Zero-Day Breach in 2023.

On July 10, 2023, BleepingComputer reported that Apple has issued a new round of Rapid Security Response (RSR) updates to address a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads.

“Apple is aware of a report that this issue may have been actively exploited,” the company says in iOS and macOS advisories when describing the CVE-2023-37450 vulnerability reported by an anonymous security researcher.

“This Rapid Security Response provides important security fixes and is recommended for all users,” Apple warns on systems where the RSR patches are being delivered.

Since the start of 2023, Apple has had to patch ten zero-day flaws

that were exploited in the wild to hack iPhones, Macs, or iPads.

RSR patches have been introduced as compact updates designed to address security concerns on the iPhone, iPad, and Mac platforms, and they serve the purpose of resolving security issues that arise between major software updates, according to this support document.

Furthermore, some out-of-band security updates may also be employed to counter security vulnerabilities actively exploited in attacks.

If you turn off automatic updates or don’t install Rapid Security Responses when offered, your device will be patched as part of future software upgrades.

The list of emergency patches includes:

macOS Ventura 13.4.1 (a)
iOS 16.5.1 (a)
iPadOS 16.5.1 (a)
Safari 16.5.2

The flaw has been found in the WebKit browser engine developed by Apple, and it allows attackers to gain arbitrary code execution on targeted devices by tricking the targets into opening web pages containing maliciously crafted content.

The company addressed this security weakness with improved checks to mitigate exploitation attempts.

macOS 13.4.1 (a) RSR patch
macOS 13.4.1 (a) RSR patch
Tenth zero-day patched in 2023

Earlier this month, Apple addressed three zero-days (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439) exploited to deploy Triangulation spyware on iPhones via iMessage zero-click exploits.

It also fixed three more zero-days (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373) in May, the first reported by Amnesty International Security Lab and Google Threat Analysis Group researchers and likely used to install mercenary spyware.

In April, Apple fixed two other zero-days (CVE-2023-28206 and CVE-2023-28205) used as part of exploit chains of Android, iOS, and Chrome zero-day and n-day flaws to deploy spyware on devices belonging to high-risk targets.

In February, Apple patched another WebKit zero-day (CVE-2023-23529) exploited to gain code execution on vulnerable iPhones, iPads, and Macs.

Update: Apple has stopped pushing the RSR updates. This reportedly happened after some services, including Zoom, Facebook, and Instagram, began showing “Unsupported Browser” errors in Safari on patched devices because the extra “(a)” in the version was breaking the platforms’ user-agent detection.

An Apple spokesperson was not immediately available for comment when contacted by BleepingComputer.

What Are
& Risks?

What Are Geo-Poli-Cyber™ (GPCyber™) Warfare, Risks & Threats?

Geo-Poli-Cyber™ warfare has spread worldwide in recent years and is impacting everyone without exception through cyber attacks that are political, ideological, terrorist, extremist, ‘religious’ and/or geo-politically motivated. They are perpetrated by political and extremist groups, national security agencies and/or their proxies, and lone wolves.

Cyber security strategies and solutions that are followed like gospel have failed and will continue to fail to mitigate, defend and protect national sovereignty and corporate security from Geo-Poli-Cyber™ attacks on unprecedented scales and with devastating political, social, and financial consequences.
More Sinister and Destructive Than Financial Motivations

Geo-Poli-Cyber™ attacks are significantly different from financially motivated cyber-attacks in damage, scale, magnitude and require different and upscaled risk mitigation strategies and solutions.

Why Do Existing Strategies & Solution keep failing?

MLi Group chairman Khaled Fattal created the terms Poli-Cyber™ and Geo-Poli-Cyber™ (GPCyber™) back in 2012 because of seismic game-changing events he had observed years before. Fattal believed that these events and trends will cause …

Click to read more

Survivability News Latest