Apple has released security updates for iOS, iPadOS, and macOS to address two zero-day vulnerabilities that are actively being exploited by hackers. The vulnerabilities, found in the WebKit browser engine, allow for remote code execution and the planting of malicious code on devices. Apple has urged users to update their devices to the latest software versions to protect against these exploits. The identity of the hackers and their motives remain unknown.
Arm has issued a security advisory warning of an actively exploited vulnerability in the widely used Mali GPU drivers. The flaw, tracked as CVE-2023-4211, allows improper access to freed memory, potentially compromising sensitive data. Arm has evidence of limited, targeted exploitation and has released a patch for some affected GPU architectures. However, older device models using the Midgard series are unlikely to receive a patch. Arm also disclosed two other vulnerabilities, CVE-2023-33200 and CVE-2023-34970, impacting Bifrost, Valhall, and Arm's 5th Gen GPU architecture. All three vulnerabilities require local access on the device and can be exploited by tricking users into downloading applications from unofficial sources.
Apple has released updates for macOS 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2 to address security vulnerabilities that may have been actively exploited. The updates fix issues related to processing maliciously crafted images and attachments, which could lead to arbitrary code execution. Apple recommends that all users install these updates as soon as possible.