Apple fixes security flaws

Apple has released security updates to patch three flaws that have been exploited by commercial spyware to infect iPhones and other devices.

The updates, which were released on September 22, 2023, should be installed as soon as possible to protect against these vulnerabilities.

The three flaws are CVE-2023-41991, a certificate validation issue that could allow a malicious app to bypass signature validation. CVE-2023-41992, a kernel-level privilege escalation hole that could be abused to gain full control of a device. And CVE-2023-41993, a web content processing flaw that could lead to arbitrary code execution.

macOS Monterey 12.7, macOS Ventura 13.6, watchOS 9.6.3, watchOS 10.0.1, iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, and Safari 16.6.1 are the Apple devices and software are affected by the flaws.

Google’s Threat Analysis Group (TAG) and The Citizen Lab have discovered evidence that these flaws were exploited by Predator spyware, which is sold by the company Intellexa. Intellexa was added to the U.S. entity list in July 2023 as a national security threat.

TAG has urged users to update their devices to the latest security patches and to use secure HTTPS rather than insecure HTTP where possible to help prevent redirects to malicious websites.

The sources for this piece include an article in TheRegister.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web