SingCert advises Apple users to install updates against vulnerabilities immediately
Two vulnerabilities will be patched by the updates.
Apple recently released security updates to protect users’ devices from two new zero-day vulnerabilities that are being actively exploited in its products.
Zero-day vulnerabilities are system and device vulnerabilities that have been disclosed to the public but are not yet patched, making them open to exploitation.
The Cyber Security Agency of Singapore (CSA) advised users of the listed affected products to update to the latest iOS 16.4.1 and iPadOS 16.4.1 versions immediately and to enable automatic software updates on their devices.
One of the vulnerabilities is CVE-2023-28205, a WebKit use-after-free vulnerability that may allow attackers to execute malicious codes after the vulnerable device processes websites with such codes.
Another is CVE-2023-28206, an out-of-bounds write vulnerability that may allow attackers to use a malicious app to execute codes with in an unrestricted privileged mode on a vulnerable device.
These two vulnerabilities affect iPhone 8 and later, all models of iPad Pro, iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later and Macs running macOS Ventura.