Apple Patches 2 Zero-Day RCE Vulnerabilities Affecting macOS Ventura
April 10, 2023
Apple released security updates to address two RCE zero-day vulnerabilities, one of which was found to be exploited in the wild.
The vulnerabilities were fixed in macOS Ventura 13.3.1.
The 0-Day Vulnerabilities
- CVE-2023-28205 – (CVSS 3.1: 5.5, Medium) – WebKit use-after-free vulnerability that allows a threat actor to perform remote code execution (RCE) after the vulnerable device processes maliciously crafted web content.
- CVE-2023-28206 – (CVSS 3.1: 8.8, High) – IOSurfaceAccelerator out-of-bounds write vulnerability that allows a threat actor to perform remote code execution (RCE) with kernel privileges on affected devices using a maliciously crafted app.
Vulnerable Products
- macOS Ventura version 13.3.0 and prior.
Mitigation
CYREBRO recommends that users of macOS Ventura update to version 13.3.1.
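One way to check hosts against this advisory, as an added example that is not CYREBRO's or Apple's code: a POSIX shell script that flags macOS Ventura versions older than 13.3.1. The "hostname version" inventory format and the sample hosts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find macOS Ventura hosts below the fixed release (13.3.1).
FIXED_MIN=3; FIXED_PAT=1   # minor and patch of 13.3.1, the fixed version in the advisory

# ventura_needs_update VERSION
# Returns 0 if VERSION is Ventura (13.x) and older than 13.3.1,
# 1 if it is patched or not Ventura, 2 if VERSION is not a dotted number.
ventura_needs_update() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    IFS=. read -r maj min pat rest <<EOF
$1
EOF
    min=${min:-0}; pat=${pat:-0}              # "13.3" is treated as 13.3.0
    if [ "$maj" -ne 13 ]; then return 1; fi   # other releases are outside this advisory
    if [ "$min" -lt "$FIXED_MIN" ]; then return 0; fi
    if [ "$min" -eq "$FIXED_MIN" ] && [ "$pat" -lt "$FIXED_PAT" ]; then return 0; fi
    return 1
}

# audit_inventory: read "hostname version" lines on stdin (assumed format)
# and print one line per host that needs the update or a manual check.
audit_inventory() {
    while read -r host ver _rest; do
        case "$host" in ''|'#'*) continue ;; esac   # skip blanks and comments
        ventura_needs_update "$ver" && rc=0 || rc=$?
        case "$rc" in
            0) echo "UPDATE $host $ver" ;;
            2) echo "CHECK $host unparsable version '$ver'" ;;
        esac
    done
}

# Constructed sample inventory (hostnames and versions are made up).
audit_inventory <<'EOF'
mac-01 13.3.1
mac-02 13.3
mac-03 13.2.1
mac-04 12.6.5
mac-05 13.x
EOF

# On a Mac, also check the local host with Apple's sw_vers tool.
if command -v sw_vers >/dev/null 2>&1; then
    if ventura_needs_update "$(sw_vers -productVersion)"; then
        echo "UPDATE localhost: Ventura older than 13.3.1"
    fi
fi
```

Versions are compared field by field as integers, so a value such as 13.10 is not mistaken for something older than 13.3.1.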
References: Apple Security Updates