The Indian Computer Emergency Response Team (CERT-In) has reported multiple vulnerabilities in Apple iOS and iPadOS. These vulnerabilities can allow a hacker to execute arbitrary code, bypass security restrictions, elevated privileges, gain access to sensitive information or cause denial-of-service conditions on the targetted systems.
The report stated that these vulnerabilities could exist due to Type confusion, use-after-free flaw, permission issue and race condition in the Kernel component; out-of-bounds read, use-after-free flaw and buffer overflow in the WebKit component; logic issue in the LaunchServices component; out-of-bounds read flaw in the IOSurfaceAccelerator; authorization issue in the Sandbox component; out-of-bounds read flaw in the Model I/O component; out-of-bounds read flaw in the ImageIO component; improper bounds checking by the ImageIO component; improper permission flaw in the accessibility component; logic flaw in the Metal component; improper handling of caches in the TV App component; use-after-free flaw in the Telephony component; out-ofbounds read flaw in the IOSurfaceAccelerator; logic issue in the Shell component; out-of-bounds read flaw in the IOSurface component; flaw in the CoreServices component, System Settings, Photos, Security component ,Associated Domains, StorageKit, PDFKit, Accessibility, Wi-Fi component, Photos, Shortcuts, GeoServices, Core Location, NetworkExtension, WebKit component, AppleMobileFileIntegrity, Weather component , Cellular, Apple Neural Engine, CoreCapture comment and SQLit Component.”
This will further allow any hacker to persuade a victim into visiting maliciously crafted web content. These vulnerabilities categorised as CVE-2023-28204, CVE-2023-32373 and CVE-2023-32409, are already being exploited. The only solution as of now is to apply appropriate software updates as mentioned in the Apple security updates.
