Apple Patches 3 Zero-Day Vulnerabilities Affecting a Variety of Products

June 22, 2023

Apple published security updates to address three remote code execution (RCE) zero-day vulnerabilities that were found to be exploited in the wild.

The Vulnerabilities

  • CVE-2023-32434 – An integer overflow vulnerability in the Kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges.
  • CVE-2023-32435 – A memory corruption vulnerability in WebKit that could lead to arbitrary code execution when processing specially crafted web content.
  • CVE-2023-32439 – A type confusion vulnerability in WebKit that could lead to arbitrary code execution when processing specially crafted web content.

Vulnerable Products

  • Safari versions prior to 16.5.1
  • macOS Ventura versions prior to 13.4.1
  • macOS Monterey versions prior to 12.6.7
  • macOS Big Sur versions prior to 11.7.8

Mitigation

CYREBRO recommends updating the relevant products to the latest available releases, in accordance with the Vulnerable Products section.
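To find which machines still need the update, the version thresholds from the Vulnerable Products section can be checked against an asset inventory. The following is an added example, not part of the original advisory; the CSV layout, host names and function names are assumptions made for illustration.

```python
import csv
import io

# Fixed versions taken from the advisory's "Vulnerable Products" list.
SAFARI_FIXED = (16, 5, 1)
MACOS_FIXED = {13: (13, 4, 1), 12: (12, 6, 7), 11: (11, 7, 8)}

# Constructed sample inventory (hypothetical hosts and export format).
INVENTORY = """\
host,product,version
mac-01,macOS,13.4
mac-02,macOS,13.4.1
mac-03,macOS,12.6.6
mac-04,macOS,11.7.8
mac-05,macOS,14.0
mac-01,Safari,16.5
mac-03,Safari,16.5.1
"""

def parse_version(text):
    """'13.4' -> (13, 4, 0), padded so that 13.4 sorts below 13.4.1."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def assess(product, version):
    """Return 'vulnerable', 'patched' or 'not-listed' for one inventory row."""
    v = parse_version(version)
    name = product.strip().lower()
    if name == "safari":
        return "vulnerable" if v < SAFARI_FIXED else "patched"
    if name == "macos":
        fixed = MACOS_FIXED.get(v[0])
        if fixed is None:
            return "not-listed"  # release line the advisory does not cover
        return "vulnerable" if v < fixed else "patched"
    return "not-listed"

def triage(csv_text):
    """Assess every row of the inventory export."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["host"], r["product"], r["version"],
             assess(r["product"], r["version"])) for r in rows]

if __name__ == "__main__":
    for host, product, version, status in triage(INVENTORY):
        print(f"{host:8} {product:7} {version:8} {status}")
```

On a Mac, `sw_vers -productVersion` prints the macOS version string that such an inventory would record.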

References: Apple Security Updates
