Apple Patches 2 Zero-Day RCE Vulnerabilities Affecting macOS Ventura

April 10, 2023

Apple released security updates to address two RCE zero-day vulnerabilities, one of which was found to be exploited in the wild.

The vulnerabilities were fixed in macOS Ventura 13.3.1.

The 0-Day Vulnerabilities

  • CVE-2023-28205 – (CVSS 3.1: 5.5, Medium) – WebKit use-after-free vulnerability that allows a threat actor to perform remote code execution (RCE) after the vulnerable device processes maliciously crafted web content.
  • CVE-2023-28206 – (CVSS 3.1: 8.8, High) – IOSurfaceAccelerator out-of-bounds write vulnerability that allows a threat actor to perform remote code execution (RCE) with kernel privileges on affected devices using a maliciously crafted app.

Vulnerable Products

Mitigation

CYREBRO recommends that users of macOS Ventura update to version 13.3.1.
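
A version check for the mitigation above, as an added example that is not part of the original advisory: it classifies a macOS version string against the fixed release 13.3.1. The function names `ver_lt` and `check_ventura` and the status labels are assumptions; only the Ventura (13.x) line is judged, since that is the only release this advisory names.

```shell
#!/bin/sh
# Added example: compare a macOS version with the fixed release from the advisory.
FIXED_VERSION="13.3.1"

# ver_lt A B: succeed when dotted version A is lower than B.
# Missing components count as 0, so "13.3" is read as 13.3.0.
ver_lt() {
    a=$1; b=$2
    for i in 1 2 3; do
        ai=${a%%.*}; bi=${b%%.*}
        [ "$ai" -lt "$bi" ] && return 0
        [ "$ai" -gt "$bi" ] && return 1
        # Drop the component just compared; pad with 0 when none is left.
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 1
}

# check_ventura VERSION: print patched, vulnerable, not-ventura or invalid.
check_ventura() {
    v=$1
    # Accept only digits separated by single dots.
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    major=${v%%.*}
    if [ "$major" -ne 13 ]; then
        echo not-ventura        # outside the scope of this advisory
        return 0
    fi
    if ver_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable         # Ventura build older than 13.3.1
    else
        echo patched
    fi
}

# On a Mac, report the local host; elsewhere this block is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    host_version=$(sw_vers -productVersion)
    echo "macOS $host_version: $(check_ventura "$host_version")"
fi
```

The same function can be fed version strings exported from a device inventory instead of the local `sw_vers` output.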

References: Apple Security Updates
