June 22, 2023
Apple published security upgrades to address three RCE zero-day vulnerabilities that were discovered to be exploited in the wild.
- CVE-2023-32434 – An integer overflow vulnerability in the Kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges.
- CVE-2023-32435 – A memory corruption vulnerability in WebKit that could lead to arbitrary code execution when processing specially crafted web content.
- CVE-2023-32439 – A type confusion vulnerability in WebKit that could lead to arbitrary code execution when processing specially crafted web content.
- Safari versions prior to 16.5.1
- macOS Ventura versions prior to 13.4.1
- macOS Monterey versions prior to 12.6.7
- macOS Big Sur versions prior to 11.7.8
CYREBRO recommends to update relevant products up to the latest available releases in accordance with the Vulnerable Products section.
References: Apple Security Updates