- 145/2023
- High
Apple has released security updates to address multiple vulnerabilities across multiple products.
The severity of the addressed vulnerabilities could allow the attacker to execute arbitrary code, gain access or gain elevated privileges on the affected systems by persuading a victim to visit a specially crafted web site.
Sample of the addressed vulnerabilities:
1. Apple macOS WebKit Code Execution (CVE-2023-32439):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Apple macOS Kernel Privilege Escalation (CVE-2023-32434):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Privileges
Sample of the affected products:
- Apple macOS Big Sur 11.7.7
- Apple macOS Ventura 13.4
- Apple macOS Monterey 12.6.6
- Apple iOS 15.7.6
It should be highlighted that Apple is aware of 3 zero-day vulnerabilities in Kernel and WebKit tracked as CVE-2023-324034, CVE-2023-32435, and CVE-2023-32439 which have been actively exploited in the wild.
Vulnerabilities
- CVE-2023-32434
- CVE-2023-32435
- CVE-2023-32439
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.