Abu Dhabi: The authorities in the United Arab Emirates (UAE) have alerted residents of security vulnerabilities in certain Apple devices.
Taking to social media, the UAE Cyber Security Council said that three security vulnerabilities were detected in Apple products.
“Three security vulnerabilities have been detected in Apple products, targeting iPhone 8 and later, iPad Mini 5th generation and newer, macOS Monterey and later on Mac devices, and Apple Watch from version 4 and later,” the alert read.
The authority has advised users to install the latest updates on their Apple devices to ensure complete protection.
The authority shared fixed version for these vulnerabilities including
- watchOS 9.6.3/10.0.1
- MacOS 12.7/13.6
- iPadOS 16.7/17.0.1
- ios 16.7/17.0.1
Apple issue
On Thursday, September 21, Apple patched three zero-day vulnerabilities in macOS 12.7/13.6, iOS 17.0.1 and iPadOS 17.0.1 that Apple said “may have been actively exploited against versions of iOS before iOS 16.7.”
Two bugs in the WebKit browser engine (CVE-2023-41993) and Security framework (CVE-2023-41991) have been discovered, allowing attackers to bypass signature validation and execute arbitrary code through maliciously crafted webpages.
The third one was found in the Kernel Framework, which offers APIs and kernel extensions, has a flaw (CVE-2023-41992) that local attackers can exploit to escalate privileges.
All three zero-days were discovered and reported by Bill Marczak of the Citizen Lab at the University of Toronto’s Munk School and Maddy Stone of Google’s threat analysis team.
