Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16.
The list of security vulnerabilities is as follows -
Apple did not provide additional specifics barring an acknowledgement that the "issue may have been actively exploited against versions of iOS before iOS 16.7."
The list of security vulnerabilities is as follows -
- CVE-2023-41991 - A certificate validation issue in the Security framework that could allow a malicious app to bypass signature validation.
- CVE-2023-41992 - A security flaw in Kernel that could allow a local attacker to elevate their privileges.
- CVE-2023-41993 - A WebKit flaw that could result in arbitrary code execution when processing specially crafted web content.
Apple did not provide additional specifics barring an acknowledgement that the "issue may have been actively exploited against versions of iOS before iOS 16.7."