Apple Neutralizes Exploited Vulnerabilities: A Comprehensive Update


July 25, 2023

Apple has rolled out security enhancements to neutralise zero-day vulnerabilities exploited in cyber attacks against iPhones, Macs, and iPads.

In response to discovering a WebKit flaw identified as CVE-2023-37450, the company initiated a set of Rapid Security Response (RSR) updates this month. “Apple has received reports indicating potential active exploitation of this issue,” said the firm in a public advisory.

Today, Apple fixed another zero-day, a new kernel flaw tracked as CVE-2023-38606, which had been exploited to target devices running older iOS versions. “We have received reports suggesting that versions of iOS released before iOS 15.7.1 may have been actively exploited due to this issue,” the company reported.

Exploitation on unpatched devices would allow attackers to modify sensitive kernel state. To address these two vulnerabilities, Apple added improved state management and checks.


Kaspersky GReAT’s lead security researcher, Boris Larin, reported that CVE-2023-38606 was part of a zero-click exploit chain to implant Triangulation spyware on iPhones via iMessage exploits.


Additionally, the company applied retroactive security patches for a zero-day (CVE-2023-32409) addressed in May to devices using tvOS 16.6 and watchOS 9.6.

Apple countered the three zero-days in macOS Ventura 13.4, iOS and iPadOS 16.5, tvOS 16.5, watchOS 9.5, and Safari 16.5 by improving memory management, input validation, and bounds checks.

An extensive list of devices was affected by the two zero-days rectified today, including various iPhone and iPad models and Macs operating on macOS Big Sur, Monterey, and Ventura.

So far this year, Apple has remedied 11 zero-day flaws that attackers have exploited to target iOS, macOS, and iPadOS devices.

Earlier this month, Apple issued unscheduled Rapid Security Response (RSR) updates to neutralise a bug (CVE-2023-37450) impacting fully-patched iPhones, Macs, and iPads. Subsequently, the firm acknowledged that the RSR updates interrupted web browsing on specific websites and released corrected versions of the defective patches two days later.

Before this, Apple addressed several other zero-days, including:

  • Three in June (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439)
  • Another three in May (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373)
  • Two more in April (CVE-2023-28206 and CVE-2023-28205)
  • And a WebKit zero-day (CVE-2023-23529) in February



Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
