{"id":47938,"date":"2023-04-17T13:25:41","date_gmt":"2023-04-17T17:25:41","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=47938"},"modified":"2023-04-17T14:07:32","modified_gmt":"2023-04-17T18:07:32","slug":"ios-macos-vulnerabilities-april-2023","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/ios-macos-vulnerabilities-april-2023\/47938\/","title":{"rendered":"Update iOS and macOS right now \u2014 again!"},"content":{"rendered":"

No sooner had we written about vulnerabilities in both Apple<\/a> and Microsoft<\/a> operating systems, as well as in Samsung Exynos chips<\/a>, allowing the hacking of smartphones without any action on the part of their owner, than news broke about a couple of very serious security holes in both iOS and macOS \u2014 besides the ones that attackers were already exploiting. The vulnerabilities are so critical that, to combat them, Apple rapidly released updates not only for the latest operating systems, but also for several previous versions. But let\u2019s take it step by step\u2026<\/p>\n

Vulnerabilities in WebKit and IOSurfaceAccelerator<\/h2>\n

In total, two vulnerabilities were discovered. The first one \u2014 named CVE-2023-28205<\/a> (threat level: \u201chigh\u201d [8.8\/10]) \u2014 concerns the WebKit<\/a> engine, which is the basis of the Safari browser (and not only that; more details below). The essence of this vulnerability is that, using a specially made malicious page, the bad guys can execute arbitrary code on a device.<\/p>\n

The second vulnerability \u2014 CVE-2023-28206<\/a> (threat level \u201chigh\u201d [8.6\/10]) \u2014 was discovered in the IOSurfaceAccelerator object. Attackers can use it to execute code with operating system core permissions. Thus, these two vulnerabilities can be used in combination: the first serves to initially penetrate the device so that the second can be exploited. The second, in turn, allows you to \u201cescape from the sandbox\u201d and do almost anything with the infected device.<\/p>\n

The vulnerabilities can be found in both macOS desktop operating systems and mobile ones: iOS, iPadOS and tvOS. Not only are the latest generations of these operating systems vulnerable, but previous ones are too, so Apple has released updates (one after the other) for a whole range of systems: macOS 11, 12 and 13, iOS\/iPadOS 15 and 16, and also tvOS 16.<\/p>\n

Why these vulnerabilities are dangerous<\/h2>\n

The WebKit engine is the only browser engine that\u2019s allowed on Apple\u2019s mobile operating systems. Whichever browser you use on your iPhone, WebKit will still be used to render web pages (so any browser on iOS is essentially Safari).<\/p>\n

Moreover, the same engine is also used when web pages are opened from any other application. Sometimes it might not even look like a web page, but WebKit will still be involved in displaying it. That\u2019s why it\u2019s so important to promptly install any new updates related to Safari<\/a>, even if you mainly use a different browser such as Google Chrome or Mozilla Firefox.<\/p>\n

Vulnerabilities in WebKit, such as the one described above, make possible the so-called \u201czero-click\u201d infection of an iPhone, iPad or Mac. That is, the device is infected without any active action by the user \u2014 it\u2019s enough just to lure them to a specially made malicious site.<\/p>\n

Often, such vulnerabilities are exploited in targeted attacks<\/a> on powerful people or large organizations (although regular users can also get hit if they have the bad luck to land on an infected page). And it seems that something similar is happening in this case. As usual, Apple is not releasing any details, but by all accounts<\/a>, the chain of vulnerabilities described above is already being actively used by unknown attackers to install spyware.<\/p>\n

\"The<\/a><\/p>\n

Moreover, since CVE-2023-28205 and CVE-2023-28206 have already become public knowledge and a proof of concept has already been published<\/a> for the second vulnerability, it\u2019s likely that other cybercriminals will start to exploit them too.<\/p>\n

How to protect yourself against the described vulnerabilities<\/h2>\n

Of course, the best way to protect against CVE-2023-28205 and CVE-2023-28206 is to promptly install the new Apple updates. Here\u2019s what you need to do, depending on the device in question:<\/p>\n