The Computer Emergency Response Team of France (CERT-FR) has issued an advisory regarding multiple vulnerabilities in Apple products. These vulnerabilities pose a significant threat, including data confidentiality breaches, security policy circumvention, remote denial of service, arbitrary code execution, and privilege escalation.
The affected Apple products and versions are as follows:
- iOS and iPadOS versions prior to 16.7 or 17
- macOS Sonoma versions prior to 14
- Safari versions prior to 17
- Xcode versions prior to 15
- tvOS versions prior to 17
- watchOS versions prior to 10
Some of these vulnerabilities may allow attackers to elevate privileges, compromise data confidentiality, and execute arbitrary code remotely. Notably, Apple reports that CVE-2023-41993 is actively being exploited in targeted attacks on iOS versions earlier than 16.7.
To address these vulnerabilities, Apple has released security bulletins with patches. It is strongly recommended that users update their Apple devices and software to the latest versions provided in these bulletins to mitigate the security risks associated with these vulnerabilities.
Source: Computer Emergency Response Team of France (CERT-FR)