19 May 2023 Blog Autor: Vlad

Apple, vulnerabilities actively exploited

Was it difficult to deploy Apple’s big security bulletin from early April?

Have you just rolled out the early May Rapid Security Response (RSR) security updates?

Perfect 😘, here is the new security bulletin from Apple fixing many vulnerabilities on all their systems and devices but in particular three which are actively exploited in the wild:

CVE-2023-32409, bypassing Safari protections when viewing a malicious webpage (understand “breaking out of the sandbox”). This vulnerability has been identified by Google and Amnesty International, exploited in the wild; CVE-2023-28204, information leak from Safari due to the poor security of processing inputs (content of a web page), allowing to obtain useful information in the construction of an exploitation chain combining several vulnerabilities; CVE-2023-32373, code execution in Safari allowing to partially take control of the target by simply viewing a web page. Since Safari is the default browser for all Apple devices, these vulnerabilities are present everywhere.

The subject has already been mentioned many times but it is the kind of vulnerabilities that we find exploited by tools like Pegasus (from NSO Group but there are many others, see “FUN Le Top arbitrariness of the past year 2022“), aimed at compromising and monitoring journalists, political opponents… If you have agreed to data collection to improve Apple’s (or Google’s) services and systems, be aware that in the event of a crash, Apple receives memory dumps of crashed apps and when they say ” actively exploited in the wild”, this means that they received memory dump and the analysis revealed the exploitation of vulnerabilities.

Here are the different systems and devices impacted:

All systems and devices combined, I counted 59 unique vulnerabilities (deduplicated), that’s a lot! In addition to actively exploited vulnerabilities in the wild, you have remote code executions, local privilege escalations… https://support.apple.com/en-us/HT201222

As always, update ASAP! And… good luck on this bridge weekend 😉.