{"id":52924,"date":"2023-07-25T22:07:06","date_gmt":"2023-07-25T22:07:06","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/apple-patches-exploited-bugs-in-iphones-plus-other-holes\/"},"modified":"2023-07-25T22:07:06","modified_gmt":"2023-07-25T22:07:06","slug":"apple-patches-exploited-bugs-in-iphones-plus-other-holes","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/apple-patches-exploited-bugs-in-iphones-plus-other-holes\/","title":{"rendered":"Apple patches exploited bugs in iPhones plus other holes"},"content":{"rendered":"

Apple has released fixes for several security flaws that affect its iPhones, iPads, macOS computers, and Apple TV and watches, and warned that some of these bugs have already been exploited.<\/p>\n

Here’s a quick list of all of the security updates released late on Monday afternoon:<\/p>\n

On Tuesday the US government’s Cybersecurity and Infrastructure Security Agency (CISA) sounded the alarm, too, warning<\/a> that “an attacker could exploit some of these vulnerabilities to take control of an affected device.” CISA urged users and admins to apply the software updates, and check automatic patching systems are working properly. We second that opinion.  <\/p>\n

One of the bugs, CVE-2023-32409, in Apple’s WebKit browser engine affects iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation). This one was discovered by Cl\u00e9ment Lecigne of Google’s Threat Analysis Group (TAG) and Donncha \u00d3 Cearbhaill of Amnesty International’s Security Lab. <\/p>\n

“A remote attacker may be able to break out of Web Content sandbox,” according to the iGiant’s advisory<\/a>. “Apple is aware of a report that this issue may have been actively exploited.”<\/p>\n