Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs

Pierluigi Paganini September 07, 2023

Apple rolled out emergency security updates to address two new actively exploited zero-day vulnerabilities impacting iPhones and Macs.

The two Apple zero-day vulnerabilities, tracked as CVE-2023-41064 and CVE-2023-41061, reside in the Image I/O and Wallet frameworks.

CVE-2023-41064 is a buffer overflow issue that was reported by researchers from researchers at Citizen Lab. The IT giant addressed the flaw with improved memory handling.

“Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” .

CVE-2023-41061 is a validation issue that was discovered by Apple. The IT giant addressed the flaw with improved logic. An attacker can achieve arbitrary code execution by tricking the device into processing a specially crafted attachment.

“A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” .

Apple addressed the flaws with the release of macOS Ventura 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2.

The company has already patched 13 actively exploited zero-day vulnerabilities in 2023, below is the list of the flaws fixed by the company:

Follow me on Twitter:  and  and Mastodon

(SecurityAffairs – hacking, zero-day)



you might also like

leave a comment