2023-09-07
Apple Releases Updates to iOS, iPadOS, watchOS, and macOS to Fix Exploited Vulnerabilities
Apple today released iPadOS and iOS 16.6.1, watchOS 9.6.2 and macOS Ventura 13.5.2. These updates address two already exploited vulnerabilities, CVE-2023-41061 and CVE-2023-41064. Both vulnerabilities may lead to arbitrary code execution. Apple credits the Citizen Lab at The University of Torontoʼs Munk School. Citizen Lab has discovered several vulnerabilities in Apple's operating systems in the past. They often are related to commercial software used by governments to attack activists.
Editor's Note
You probably want to have these vulnerabilities patched by the weekend. Note that Apple will likely release major operating system versions within a week or two. It will be interesting to see if these new versions arrive with patches for these vulnerabilities.
Johannes Ullrich
While there are only two vulnerabilities, CVE-2023-41064, Buffer overflow in ImageIO and CVE-2023-41061, a validation issue in Wallet. One or the other exists in the updated iOS/iPadOS 16.6.1, macOS 13.5.2 and watchOS 9.6.2. Queue these up for pushing to devices as soon as they are available in your MDM. Odds are iOS/iPadOS 17 will drop next week, you want to get these updates out, so you have time to not rush the decision to pull the trigger on iOS/iPadOS 17.
Lee Neely
See item below about critical Android vulnerabilities needing priority patching as well this week.