Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws

Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild.
The shortcomings are listed below –
It’s currently not clear how the flaws are being weaponized in the wild. Apple said both the vulnerabilities were addressed with improved validation in iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6.
The updates are available for the following devices –
With the latest development, Apple has addressed a total of three actively exploited zero-days in its software since the start of the year. In late January 2024, it plugged a type confusion flaw in WebKit (CVE-2024-23222) impacting iOS, iPadOS, macOS, tvOS, and Safari web browser that could result in arbitrary code execution.
The development comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two flaws to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to apply necessary updates by March 26, 2024.
The vulnerabilities concern an information disclosure flaw affecting Android Pixel devices (CVE-2023-21237) and an operating system command injection flaw in Sunhillo SureLine that could result in code execution with root privileges (CVE-2021-36380).
Google, in an advisory published in June 2023, acknowledged it found indications that “CVE-2023-21237 may be under limited, targeted exploitation.” As for CVE-2021-36380, Fortinet revealed late last year that a Mirai botnet called IZ1H9 was leveraging the flaw to corral susceptible devices into a DDoS botnet.