Apple has once again released new emergency security updates to fix serious bugs in iOS and macOS that are being used by hackers to target iPhone and Mac users.
The first of these bugs (tracked as CVE-2023-41933) was discovered in the WebKit browser engine used in Safari, while the second (tracked as CVE-2023-41991) was found in the Security framework. If exploited, these flaws could allow hackers to bypass signature validation using malicious apps or gain the ability to execute arbitrary code using their own malicious sites.
Meanwhile, the third bug (tracked as CVE-2023-41992) was found in the Kernel Framework, which is used to provide APIs and support for kernel extensions and kernel-resident device drivers. By exploiting this flaw, an attacker could escalate privileges on a vulnerable iPhone or Mac.
In a security advisory, Apple explained that all three of these zero-day flaws were discovered by The Citizen Lab, though the company also revealed that they “may have been actively exploited by hackers against versions of iOS before iOS 16.7.”
Vulnerable Apple devices
Fortunately for iPhone and Mac users, Apple already fixed these three zero-day bugs with the release of iOS 16.7/17.0.1, macOS 12.7/13.6, iPadOS 16.7/17.0.1 and watchOS 9.6.3/10.0.1. Now, it’s up to you to install these emergency security updates if you have any vulnerable Apple devices.
The chances that you do are high, though, as both older and newer Apple devices are affected, including the iPhone 8 and later, iPad mini 5th generation and later, Macs running macOS Monterey and newer, and Apple Watch Series 4 and later.
As is often the case with zero-day flaws like the ones described above, Apple has yet to provide any additional details on how hackers have been using these bugs in their attacks. The reason is that this gives the company’s users a chance to update their devices before other hackers can devise new ways to leverage these flaws in their attacks.
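For anyone checking more than one device, the following added example (not code from Apple or from this article) compares a reported OS version against the fixed releases listed above. It shows why the check must be made per major release: iOS 17.0 is newer than 16.7 but still predates the 17.0.1 fix. The inventory entries and function names are constructed for illustration.

```python
# Fixed releases as listed in the article, keyed by platform and major version.
FIXED = {
    "iOS":     {16: "16.7", 17: "17.0.1"},
    "iPadOS":  {16: "16.7", 17: "17.0.1"},
    "macOS":   {12: "12.7", 13: "13.6"},
    "watchOS": {9: "9.6.3", 10: "10.0.1"},
}

def parse(version):
    """Turn '17.0' into (17, 0, 0) so that 16.7 and 16.7.0 compare equal."""
    parts = [int(p) for p in version.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {version!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def status(platform, version):
    """Return 'patched', 'needs-update' or 'unknown' for one device."""
    trains = FIXED.get(platform)
    if trains is None:
        return "unknown"
    installed = parse(version)
    fixed = trains.get(installed[0])
    if fixed is None:
        # Major release the article does not list: consult Apple's advisory.
        return "unknown"
    return "patched" if installed >= parse(fixed) else "needs-update"

def audit(inventory):
    """Return the names of devices that still need the emergency update."""
    return [name for name, platform, version in inventory
            if status(platform, version) == "needs-update"]

if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = [
        ("alice-iphone", "iOS", "17.0"),
        ("bob-iphone", "iOS", "16.7"),
        ("lab-mac", "macOS", "13.5.2"),
        ("kiosk-ipad", "iPadOS", "17.0.1"),
        ("carol-watch", "watchOS", "9.6.3"),
    ]
    for name, platform, version in sample:
        print(f"{name:14} {platform:8} {version:8} {status(platform, version)}")
    print("Needs update:", audit(sample))
```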
How to keep your iPhone and Mac safe from hackers
Updating all of your devices may seem annoying and tedious at times, but it’s the best way to stay safe from cyberattacks, malware and other threats online. This is because hackers often target users who haven’t updated their devices by creating exploits for zero-day flaws that have already been patched.
Besides keeping your devices up to date, you might also want to consider using the best Mac antivirus software for additional protection for your Mac. Sure, your Mac comes with built-in antivirus software from Apple called XProtect, but just like Microsoft Defender on Windows, it sometimes misses the latest threats. Likewise, paid antivirus software often comes with extras like a VPN or password manager to help you stay safe online.
While there isn’t an iPhone equivalent of the best Android antivirus apps, Intego’s Mac antivirus software, including Intego Mac Internet Security X9 and Intego Mac Premium Bundle X9, can scan an iPhone or iPad for malware when it’s connected to a Mac via USB.
Although 19 zero-day flaws may seem like a lot, it’s a good thing that Apple patches these flaws in a timely manner, as some other companies will wait until after they’ve been used in a large-scale cyberattack to fix them.