The two Apple zero-day vulnerabilities, tracked as CVE-2023-41064 and CVE-2023-41061, reside in the Image I/O and Wallet frameworks.
CVE-2023-41064 is a buffer overflow issue that was reported by researchers at Citizen Lab. The IT giant addressed the flaw with improved memory handling.
“Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.”
CVE-2023-41061 is a validation issue that was discovered by Apple. The IT giant addressed the flaw with improved logic. An attacker can achieve arbitrary code execution by tricking the device into processing a specially crafted attachment.
“A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.”
Apple addressed the flaws with the release of macOS Ventura 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2.
The company has already patched 13 actively exploited zero-day vulnerabilities in 2023. Below is the list of the flaws fixed by the company:
(SecurityAffairs – hacking, zero-day)